Secret Management

The Ellemment Stack implements secure secret management through environment variables and Fly.io's secret management system.

Security Warning

Never hard-code secrets in source code:

  • Source maps can expose secrets embedded in the code
  • Hard-coded secrets create a security vulnerability
  • They can lead to compliance violations
  • They are prone to accidental exposure

Development Environment

Example Configuration

  1. Add placeholders to .env.example:
# API Configuration
API_KEY=your_api_key_here
DATABASE_URL=your_database_url
STRIPE_SECRET=your_stripe_secret
  2. Create local .env:
# Real development values (gitignored)
API_KEY=actual_development_key
DATABASE_URL=actual_database_url
STRIPE_SECRET=actual_stripe_key
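
The placeholder convention above only protects you if .env.example never receives a real value. The check below is an added example, not part of the Ellemment Stack: it flags .env.example entries that do not look like placeholders and required keys that are undocumented. parseDotenv, auditExample, the PLACEHOLDER pattern and the sample input are assumptions made for illustration.

```typescript
// Added example, not Ellemment Stack code. parseDotenv, auditExample and
// PLACEHOLDER are hypothetical names; the placeholder pattern is an assumption.

// Accepted placeholder shapes: empty, "your_...", "<...>", "changeme", "example".
const PLACEHOLDER = /^(|your_\w+|<[^>]+>|changeme|example)$/i

// Minimal KEY=VALUE parser: skips blanks and # comments, strips one quote pair.
function parseDotenv(text: string): Record<string, string> {
  const out: Record<string, string> = Object.create(null)
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim()
    if (line === '' || line.charAt(0) === '#') continue
    const eq = line.indexOf('=')
    if (eq <= 0) continue // not an assignment
    const key = line.slice(0, eq).replace(/^export\s+/, '').trim()
    let value = line.slice(eq + 1).trim()
    const quoted = value.match(/^(["'])(.*)\1$/)
    if (quoted) value = quoted[2]
    out[key] = value
  }
  return out
}

interface AuditResult {
  missing: string[] // required keys that .env.example does not document
  suspicious: string[] // keys whose value does not look like a placeholder
}

function auditExample(exampleText: string, requiredKeys: string[]): AuditResult {
  const example = parseDotenv(exampleText)
  const missing = requiredKeys.filter((k) => !(k in example))
  const suspicious = Object.keys(example).filter((k) => !PLACEHOLDER.test(example[k]))
  return { missing, suspicious }
}

// Constructed sample: STRIPE_SECRET holds a non-placeholder value and
// JWT_SECRET (set with fly secrets on this page) is not documented.
const sampleExample = [
  '# API Configuration',
  'API_KEY=your_api_key_here',
  'DATABASE_URL=your_database_url',
  'STRIPE_SECRET=constructed-not-a-real-key-123',
].join('\n')

const report = auditExample(sampleExample, ['API_KEY', 'DATABASE_URL', 'STRIPE_SECRET', 'JWT_SECRET'])
console.log(report)
```

Run it in CI or a pre-commit hook against the real .env.example and fail the build when either list is non-empty.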

Offline Development

Support offline development through:

  1. Mock Services:
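// test/mocks/api.ts
import { rest } from 'msw'

// Request handlers that stand in for the real API during offline development
export const handlers = [
  rest.get('/api/data', (req, res, ctx) => {
    return res(ctx.json({ data: 'mocked response' }))
  }),
]
  2. Test Configuration: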
// test/setup.ts
import { server } from './mocks/server'

beforeAll(() => server.listen())
afterEach(() => server.resetHandlers())
afterAll(() => server.close())

Production Management

Setting Secrets

Deploy secrets to production:

# Production
fly secrets set API_KEY=production_key
# Staging
fly secrets set API_KEY=staging_key --app [YOUR_STAGING_APP_NAME]

Multiple Secrets

Set multiple secrets simultaneously:

fly secrets set \
  DATABASE_URL=url_here \
  API_KEY=key_here \
  JWT_SECRET=secret_here

Best Practices

Secret Organization

  1. Group related secrets
  2. Use clear naming conventions
  3. Document requirements
  4. Version secret formats

Security Measures

  1. Rotate secrets regularly
  2. Use strong values
  3. Limit access
  4. Audit usage

Development Flow

  1. Use example values
  2. Mock external services
  3. Document requirements
  4. Test configurations

Implementation Guide

Environment Setup

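// config/environment.ts
import { z } from 'zod'

// Assumed schema: the keys mirror the variables listed in .env.example
const envSchema = z.object({
  API_KEY: z.string().min(1),
  DATABASE_URL: z.string().min(1),
  STRIPE_SECRET: z.string().min(1),
})

// Validate process.env once at startup and exit if a required secret is missing
export function validateEnv() {
  const env = envSchema.safeParse(process.env)
  if (!env.success) {
    console.error('Invalid environment variables:', env.error.toString())
    process.exit(1)
  }
  return env.data
}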

Secret Usage

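// utils/api.ts
import { validateEnv } from '../config/environment'

// Read secrets from the validated environment, never from literals in source
const env = validateEnv()

export async function apiCall() {
  return fetch('api/endpoint', {
    headers: {
      // Assumption: the API accepts API_KEY as a bearer token
      'Authorization': `Bearer ${env.API_KEY}`,
    }
  })
}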

Local Development

// test/setup-env.ts
import { loadEnvConfig } from '@next/env'

export function setupTestEnv() {
  const projectDir = process.cwd()
  loadEnvConfig(projectDir)
}

For more information about security considerations, see the security documentation. For deployment details, refer to the deployment documentation.