Skip to content

Loading Keys From Environment Variables

Jump to bottom
Jeff Felchner edited this page Mar 6, 2023 · 7 revisions

Chamber provides the ability to sync with any service that provides access to environment variables by sending your private key. This will be stored server side with whatever service you send it to. Then, when your application runs, Chamber will first look to see if the environment variable containing the private key exists, if it does, it will use its contents to decrypt your settings.

Getting Started

In all of our other examples in this guide, we've assumed that we're running Chamber on a system where we have direct access to the filesystem. On systems like CI and Heroku, this is much less the case and, if we want to provide our keypairs, we need a different way.

Keys As Environment Variables

When Chamber encrypts or decrypts values, it doesn't just look for key files, it also (and in fact first) looks for special environment variables.

In the case of the default key, it looks for:

  • CHAMBER_KEY
  • CHAMBER_PUBLIC_KEY

In the case of namespaced keys, it looks for:

  • CHAMBER_NAMESPACE_KEY
  • CHAMBER_NAMESPACE_PUBLIC_KEY

where NAMESPACE would be replaced by the actual namespace (eg PRODUCTION) (if you haven't read up on namespaced keys, you can do so here).

These environment variables should contain the verbatim data stored in the corresponding key file.

If you're deploying, you only need to set the private key. This means that if you're only using the default Chamber key, the only environment variable you need to set is CHAMBER_KEY.

Sending Your Private Keys

So now that we know we can set our private keys as environment variables, how do we do it?

Check out this page for information about integrating with some of the most popular cloud services.

Kompanee Logo Copyright ©2023

  1. Release News
  2. Gem Comparison
  3. 12-Factor App Rebuttal
  4. Environment Variable Problems
    1. Lack of Complex Values
    2. Organization
    3. Environment Sharing
    4. Team Member Syncing
    5. Environment Syncing
    6. Local Settings
    7. Tracking Changes
  5. Installation
    1. Initialization
    2. In a Ruby Project
    3. In a Rails Project
    4. In a Rails Engine
    5. In a Sinatra Project
    6. In a Padrino Project
    7. In a Hanami Project
  6. Basics
    1. File Layout
    2. Defining Settings
    3. Accessing Settings
    4. Namespace Basics
      1. Inline Namespaces
      2. Host-Based Settings
    5. Encryption Basics
      1. Encrypting Your Settings
      2. Accessing Encrypted Settings
    6. Environment Variables
  7. Defining Settings
    1. ERB Preprocessing
    2. Runtime Values
    3. Dynamic Templating
  8. Accessing Settings
    1. Dig
  9. Verifying Settings
  10. Namespaces
    1. File-Based Namespaces
    2. Mix and Match
    3. Custom Namespaces
  11. Environment Variables
    1. Coercions
  12. Integrations
    1. Git Commit Hooks
    2. Cloud Services
  13. Encryption
    1. Keypair Encryption
    2. What Keys Can Do
    3. Encrypting Nested Structures
    4. Namespaced Key Pairs
    5. Re-Securing
    6. Loading Keys from ENV
  14. Advanced Usage
    1. Manually Specifying Settings Files
    2. Outputting Your Settings
    3. Specifying Multiple Namespaces
    4. Handling Duplicates/Collisions
    5. Extending Chamber
  15. Command Line Reference
    1. init
    2. show
    3. files
    4. sign
    5. secure
    6. unsecure
    7. compare
Clone this wiki locally