In this post, we are going to take a look at how securely we can store our confidential information like security keys, api keys and similar stuff in .env files and use them in our Common Lisp web applications.
If you want some refresher about writing Common Lisp web applications, I have already written a post about it here.
Storing configuration in the environment separate from code is based on The Twelve-Factor App methodology. In Common Lisp, we have an awesome library called cl-dotenv created by Olle Lauri Bostrรถm to load information from .env files and pass it along to our web apps.
Installation
The package is available through Quicklisp.
(ql:quickload :cl-dotenv)
Usage
You can call the load-env function to load the environment from the specified .env file. You can also use any of the available nicknames cl-dotenv, .env or dotenv.
(.env:load-env (merge-pathnames "./path/.env"))
If you are inside any web application framework or a Lisp project like Caveman, say for example a project called cl-hello,
Let’s say you have a .env file like this:
#.env file
API_KEY=1234XXXX
you can use the following snippet to load the .env file inside your project root folder.
(.env:load-env (asdf:system-relative-pathname "cl-hello" "./.env"))
(defvar *api-key* (uiop:getenv "API_KEY"))
(print *api-key*)
Leave a Reply