{"id":17001251,"url":"https://github.com/zemuldo/ex_secrets","last_synced_at":"2025-03-22T16:30:32.488Z","repository":{"id":37952463,"uuid":"501925653","full_name":"zemuldo/ex_secrets","owner":"zemuldo","description":"Secrets providers","archived":false,"fork":false,"pushed_at":"2024-08-14T19:48:32.000Z","size":155,"stargazers_count":2,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-18T13:31:58.062Z","etag":null,"topics":["azure-key-vault","azure-managed-service-identity","dotenv","elixir","google-secret-manager","key","secrets-management","secrets-manager"],"latest_commit_sha":null,"homepage":"https://hex.pm/packages/ex_secrets","language":"Elixir","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zemuldo.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-06-10T06:27:11.000Z","updated_at":"2024-08-14T19:48:35.000Z","dependencies_parsed_at":"2023-10-24T01:48:42.929Z","dependency_job_id":"9538ff8d-0adf-4f02-a437-40c5e9ca1745","html_url":"https://github.com/zemuldo/ex_secrets","commit_stats":{"total_commits":25,"total_committers":1,"mean_commits":25.0,"dds":0.0,"last_synced_commit":"500b4c3718f1f7d0bce20f2522626ba11133c360"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zemuldo%2Fex_secrets","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zemuldo%2Fex_secrets/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zemuldo%2Fex_secrets/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zemuldo%2Fex_secrets/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zemuldo","download_url":"https://codeload.github.com/zemuldo/ex_secrets/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244986184,"owners_count":20542970,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure-key-vault","azure-managed-service-identity","dotenv","elixir","google-secret-manager","key","secrets-management","secrets-manager"],"created_at":"2024-10-14T04:24:17.506Z","updated_at":"2025-03-22T16:30:32.071Z","avatar_url":"https://github.com/zemuldo.png","language":"Elixir","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ExSecrets\n\nApp config secret manager for different providers.\n\n## Installation\n\nInstall by adding `ex_secrets` to your list of dependencies in `mix.exs`:\n\n```elixir\ndef deps do\n [\n {:ex_secrets, \"~\u003e 0.3.0\"}\n ]\nend\n```\n\n## How it works\n\nThis library loads secrets on demand from APIs or files. For dotenv file, it is loaded at startup and saved in the cache.\nSecrets are encrypted when store in the cache with a master key generated at startup. Enables developers to access keys securely.\n\nKey features include:\n\n- FETCH and SET secrets.\n- Key fetch throttling.\n- Authentications with providers like Azure Keyvault and Google Secrets manager and token renewals.\n- Catching of secrets.\n- Default key options.\n- You can configure multiple secrets and access from different providers.\n- RESET and RELOAD secrets without shutting down your application.\n\n## Usage\n\n### Get a secret\n\nSecrets are first fetched using system environment. If found thats the value that is used. For this, no configuration is required.\n\n```elixir\niex(1)\u003e ExSecrets.get(\"FOO\")\nnil\niex(2)\u003e System.put_env \"FOO\", \"BAR\"\n:ok\niex(3)\u003e ExSecrets.get(\"FOO\")\n\"BAR\"\niex(4)\u003e\n```\n\nTo overide secret fetch from system environment by default, Specify your own default provider.\n\n```elixir\niex(1)\u003e ExSecrets.get(\"FOO\")\nnil\niex(2)\u003e Application.put_env(:ex_secrets, :default_provider, :dot_env)\n:ok\niex(3)\u003e ExSecrets.get(\"FOO\")\nnil\niex(4)\u003e System.put_env \"FOO\", \"BAR\"\n:ok\niex(5)\u003e ExSecrets.get(\"FOO\")\nnil\niex(7)\u003e\n```\n\n### Set Secret\n\nYou can set a new secret version using:\n\n```elixir\niex(20)\u003e ExSecrets.set(\"TEST\", \"test\", provider: :azure_key_vault)\n:ok\n```\n\n### Reset and Reload\n\nTo reset the secrets and reload, this will clear the cached values and reload doenv. For other providers, values will be fetched on demand.\n\n```elixir\niex(20)\u003e ExSecrets.reset()\n:ok\n```\n\n## Supported Providers\n\nYou can configure:\n\n- Dot env file\n- Azure Keyvault\n- Azure Managed Identity\n- Google Secret Manager\n- AWS Secret Manager\n\n## Provider Config\n\nAzure KeyVault configuration:\n\n```elixir\n config :ex_secrets, :providers, %{\n azure_key_vault: %{\n tenant_id: \"tenant-id\",\n client_id: \"client-id\",\n client_secret: \"client-secret\",\n key_vault_name: \"key-vault-name\"\n }\n }\n```\n\nUsing certificate. You can use `client_certificate_path` or `client_certificate_string`. See Azure keyvault provider section for more details\n\n```elixir\n config :ex_secrets, :providers, %{\n azure_key_vault: %{\n tenant_id: \"tenant-id\",\n client_id: \"client-id\",\n client_certificate_path: \"/path-to/mycert.key\",\n client_certificate_string: \"base 64 encoded string of the cert\",\n client_certificate_x5t: \"x5t of the cert\",\n key_vault_name: \"key-vault-name\"\n }\n }\n```\n\n Azure Managed Identity Configuration:\n\n ```elixir\n config :ex_secrets, :providers, %{\n azure_managed_identity: %{\n key_vault_name: \"key-vault-name\"\n }\n }\n ```\n\n Google Secret Manager\n\n Using service account. You can use `service_account_credentials` or `service_account_credentials_path`. See Azure keyvault provider section for more details\n\n```elixir\n config :ex_secrets, :providers, %{\n google_secret_manager: %{\n service_account_credentials: %{\n \"type\" =\u003e \"service_account\",\n \"project_id\" =\u003e \"project-id\",\n \"private_key_id\" =\u003e \"key-id\",\n \"private_key\" =\u003e \"-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----\\n\",\n \"client_email\" =\u003e \"secretaccess@project-id.iam.gserviceaccount.com\",\n \"client_id\" =\u003e \"client-id\",\n \"auth_uri\" =\u003e \"https://accounts.google.com/o/oauth2/auth\",\n \"token_uri\" =\u003e \"https://oauth2.googleapis.com/token\",\n \"auth_provider_x509_cert_url\" =\u003e \"https://www.googleapis.com/oauth2/v1/certs\",\n \"client_x509_cert_url\" =\u003e \"https://www.googleapis.com/robot/v1/metadata/x509/secretaccess%40project-id.iam.gserviceaccount.com\",\n \"universe_domain\" =\u003e \"googleapis.com\"\n },\n service_account_credentials_path: \"/path-to/cred.json\"\n }\n }\n```\n\nAWS Secret Manager:\n\nUsing secret access key. Using instance role is coming soon.\n\n ```elixir\n config :ex_secrets, :providers, %{\n aws_secrets_manager: %{\n access_key_id: \"taccess_key_id\",\n secret_access_key: \"secret_access_key\"\n }\n }\n ```\n\n Dotenv file:\n\n ```elixir\n config :ex_secrets, :providers, %{\n dot_env: %{path: \"/path/.env\"}\n }\n ```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzemuldo%2Fex_secrets","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzemuldo%2Fex_secrets","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzemuldo%2Fex_secrets/lists"}