In this post, we are going to take a look at how securely we can store our confidential information like security keys, api keys and similar stuff in
.env files and use them in our Common Lisp web applications.
If you want some refresher about writing Common Lisp web applications, I have already written a post about it here.
Storing configuration in the environment separate from code is based on The Twelve-Factor App methodology. In Common Lisp, we have an awesome library called
cl-dotenv created by Olle Lauri Boström to load information from
.env files and pass it along to our web apps.
The package is available through Quicklisp.
You can call the
load-env function to load the environment from the specified .env file. You can also use any of the available nicknames
(.env:load-env (merge-pathnames "./path/.env"))
If you are inside any web application framework or a Lisp project like
Caveman, say for example a project called
Let's say you have a
.env file like this:
#.env file API_KEY=1234XXXX
you can use the following snippet to load the
.env file inside your project root folder.
(.env:load-env (asdf:system-relative-pathname "cl-hello" "./.env")) (defvar *api-key* (uiop:getenv "API_KEY")) (print *api-key*)