What's the "best practice" way to handle secret co...
# ktor
r
What's the "best practice" way to handle secret configs with Ktor ? At first I though I could use the application.conf file and inject env variables like the following snippet. But it seems that we can access the values in application.conf only from the Application.kt file (https://ktor.io/docs/configuration-file.html#read-configuration-in-code). It seems a bit impractical to get the secret values in the Application.kt and dispatch them in the various services that need them (like DB related services, JWT tokens management services, ...) Should we directly get env variables (example: System.getenv("MONGO_URI")) where they are needed or is there a way to access values from application.conf from everywhere in the app ?
Copy code
ktor {
    deployment {
        port = 8080
    }
    application {
        modules = [ com.app.ApplicationKt.module ]
    }
    jwt {
        secret = ${?JWT_SECRET}
        issuer = ${?JWT_ISSUER}
        validity_ms = ${?JWT_VALIDITY}
    }
    mongo {
        uri = ${?MONGO_URI}
    }
}
@Sergey Aldoukhov Yes, of course that's what I'm doing 🙂 My question is more about how to access these values the correct way with Ktor. Should I use the application.conf (like the snippet above
secret = ${?JWT_SECRET})
) but then I need to collect all the values in Application.kt and dispatch them everywhere in the app. Or should I directly get them where they are needed (like JWT Service creation) without using application.conf.
s
I don’t think there is a “best practice” for this, whatever feels nicer to you. Personally, I like to fetch them on start and keep them in a singleton dedicated to the secrets.
👍 1