Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Environment variables loading with escaped quotes #20

Open
monting opened this issue May 30, 2019 · 5 comments
Open

Environment variables loading with escaped quotes #20

monting opened this issue May 30, 2019 · 5 comments
Labels
help wanted Extra attention is needed question Further information is requested technical

Comments

@monting
Copy link

monting commented May 30, 2019

Firstly, thank you so much for this amazing resource!

Onto the issue. When I insert this code:

phoenix-ecto-encryption-example/config/config.exs

Lines 30 to 42 in 6d79f25

try do # wrap in "try do"
File.stream!("./.env") # in case .env file does not exist.
|> Stream.map(&String.trim_trailing/1) # remove excess whitespace
|> Enum.each(fn line -> line # loop through each line
|> String.replace("export ", "") # remove "export" from line
|> String.split("=", parts: 2) # split on *first* "=" (equals sign)
|> Enum.reduce(fn(value, key) -> # stackoverflow.com/q/33055834/1148249
System.put_env(key, value) # set each environment variable
end)
end)
rescue
_ -> IO.puts "no .env file found!"
end

and have (double/single) quotes around the values in the .env file, the environment variables are loaded with the quotes.

For example, in the .env file:

export SOME_ENV_VAR="randomString"

results in:

iex(3)> System.get_env("SOME_ENV_VAR")
"\"randomString\""

I'm not entirely sure why there's code to load the environment variables like this. Why not just do the standard source .env?
@nelsonic nelsonic added help wanted Extra attention is needed question Further information is requested technical labels May 30, 2019
@RobStallion
Copy link
Member

@monting I think that you are having this issue because of the double quotes you have used in your .env file...

export SOME_ENV_VAR="randomString"

should be...

export SOME_ENV_VAR=randomString

Try this out and let me know if this works for you.

To answer your question about the code to load the environment variables. I didn't write this tutorial/example but I think that it was added so that people do not have to remember to type source .env into their terminal every time that they add a variable. Reduces the chance of human error (and removes repetition)

@monting
Copy link
Author

monting commented May 30, 2019
edited

@RobStallion thanks for your response! Appreciate it.

It is indeed because I'm quoting my shell variable exports. I'd say this is accepted, even recommended practice, so there are readers that will encounter this. Quoting is safer - necessary if you have whitespaces, easier to see that there are no trailing whitespace,...

Furthermore, there's an instance here:
https://github.com/dwyl/phoenix-ecto-encryption-example/blob/master/.env_sample#L2

where the quotes are later getting stripped out here:

phoenix-ecto-encryption-example/config/config.exs

Lines 45 to 49 in 6d79f25

config :encryption, Encryption.AES,
keys: System.get_env("ENCRYPTION_KEYS") # get the ENCRYPTION_KEYS env variable
|> String.replace("'", "") # remove single-quotes around key list in .env
|> String.split(",") # split the CSV list of keys
|> Enum.map(fn key -> :base64.decode(key) end) # decode the key.

This makes quoting inconsistent in the .env file, and one would need to remember not to quote other variables.

I'd say that this is too much env var fiddling, for just being able to load env vars automatically, which is something that seems to be out of scope for the topic of this fantastic readme.

@nelsonic
Copy link
Member

@RobStallion thanks for responding, agreed. ✅
@monting the only reason for this was we couldn't figure out how to have multiple encryption keys ... which was a requirement our infosec person demanded when we were putting together this README.md (in case it wasn't clear, this was a spike we were doing to prove to a fintech co that it was possible to do transparent encryption...)
Indeed the single quotes are being removed in the pipeline.
We agree that this is not an ideal way of having multiple encryption keys.
But this example was not mean to be perfect just a "Proof of Concept".

If you have time to improve it, please create a PR. 👍

@monting
Copy link
Author

monting commented May 30, 2019
edited

@nelsonic thanks for the response, and your work on this has been a godsend 👏

I can see the reasoning behind the multiple encryption keys.
I was more arguing against the code that autoloads env variables in .env:

phoenix-ecto-encryption-example/config/config.exs

Lines 30 to 42 in 6d79f25

try do # wrap in "try do"
File.stream!("./.env") # in case .env file does not exist.
|> Stream.map(&String.trim_trailing/1) # remove excess whitespace
|> Enum.each(fn line -> line # loop through each line
|> String.replace("export ", "") # remove "export" from line
|> String.split("=", parts: 2) # split on *first* "=" (equals sign)
|> Enum.reduce(fn(value, key) -> # stackoverflow.com/q/33055834/1148249
System.put_env(key, value) # set each environment variable
end)
end)
rescue
_ -> IO.puts "no .env file found!"
end

Will send PR for improvement.

@nelsonic
Copy link
Member

@monting I figured that if I was going to split the encryption keys, I might as well write a tiny function to load all the environment variables from the .env file.
It's a rudimentary Elixir version of https://github.com/dwyl/env2 which we used everywhere.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Extra attention is needed question Further information is requested technical
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nelsonic @monting @RobStallion