In this post, we are going to take a look at how securely we can store our confidential information like security keys, api keys and similar stuff in .env
files and use them in our Common Lisp web applications.
If you want some refresher about writing Common Lisp web applications, I have already written a post about it here.
Storing configuration in the environment separate from code is based on The Twelve-Factor App methodology. In Common Lisp, we have an awesome library called cl-dotenv
created by Olle Lauri Boström to load information from .env
files and pass it along to our web apps.
Installation
The package is available through Quicklisp.
(ql:quickload :cl-dotenv)
Usage
You can call the load-env
function to load the environment from the specified .env file. You can also use any of the available nicknames cl-dotenv
, .env
or dotenv
.
(.env:load-env (merge-pathnames "./path/.env"))
If you are inside any web application framework or a Lisp project like Caveman
, say for example a project called cl-hello
,
Let's say you have a .env
file like this:
#.env file
API_KEY=1234XXXX
you can use the following snippet to load the .env
file inside your project root folder.
(.env:load-env (asdf:system-relative-pathname "cl-hello" "./.env"))
(defvar *api-key* (uiop:getenv "API_KEY"))
(print *api-key*)
Top comments (0)