What s the best practice way to handle secret configs with K kotlinlang #ktor

What's the "best practice" way to handle secret configs with Ktor ? At first I though I could use the application.conf file and inject env variables like the following snippet. But it seems that we can access the values in application.conf only from the Application.kt file (https://ktor.io/docs/configuration-file.html#read-configuration-in-code). It seems a bit impractical to get the secret values in the Application.kt and dispatch them in the various services that need them (like DB related services, JWT tokens management services, ...) Should we directly get env variables (example: System.getenv("MONGO_URI")) where they are needed or is there a way to access values from application.conf from everywhere in the app ?

ktor {
    deployment {
        port = 8080
    }
    application {
        modules = [ com.app.ApplicationKt.module ]
    }
    jwt {
        secret = ${?JWT_SECRET}
        issuer = ${?JWT_ISSUER}
        validity_ms = ${?JWT_VALIDITY}
    }
    mongo {
        uri = ${?MONGO_URI}
    }
}

@Sergey Aldoukhov Yes, of course that's what I'm doing 🙂 My question is more about how to access these values the correct way with Ktor. Should I use the application.conf (like the snippet above

secret = ${?JWT_SECRET})

) but then I need to collect all the values in Application.kt and dispatch them everywhere in the app. Or should I directly get them where they are needed (like JWT Service creation) without using application.conf.

Sergey Aldoukhov

05/15/2023, 9:48 PM

I don’t think there is a “best practice” for this, whatever feels nicer to you. Personally, I like to fetch them on start and keep them in a singleton dedicated to the secrets.

2 Views

#ktor Join Slack