Secrets are a secure way to use environment variables in your DataSource.Http requests. The actual environment variable value is used to perform DataSource.Http requests, while the masked value is the only thing that ends up in your built site. Let's go through what happens in a concrete example:
Let's say you execute this from the shell:
GITHUB_TOKEN=abcd1234 API_KEY=xyz789 elm-pages build
And your DataSource.Http request in your Elm code looks like this:
import Pages.Secrets as Secrets
import DataSource.Http
DataSource.Http.request
(Secrets.succeed
(\apiKey githubToken ->
{ url = "https://api.github.com/repos/dillonkearns/elm-pages?apiKey=" ++ apiKey
, method = "GET"
, headers = [ ( "Authorization", "Bearer " ++ githubToken ) ]
, body = DataSource.Http.emptyBody
}
)
|> Secrets.with "API_KEY"
|> Secrets.with "BEARER"
)
(Decode.succeed ())
)
The following masked values are what will be visible in your production bundle if you inspect the code or the Network tab:
[GET]https://api.github.com/repos/dillonkearns/elm-pages?apiKey=<API_KEY>Authorization : Bearer <BEARER>
So the actual Secrets only exist for the duration of the build in order to perform the DataSource.Http requests, but they
are replaced with <SECRET_NAME>
once that step is done and your assets are bundled.
Secrets.Value value
Represents a Secure value from your environment variables. Pages.Secrets.Value
s are much like Json.Decode.Value
s
in that you can take raw values, map them, and combine them with other values into any data structure.
map : (valueA -> valueB) -> Value valueA -> Value valueB
Map a Secret's raw value into an arbitrary type or value.
succeed : value -> Value value
Hardcode a secret value. Or, this can be used to start a pipeline-style value with several different secrets (see the example at the top of this page).
Warning: a hardcoded value is not protected by masking! Make sure to to use Secrets.with
to fetch sentitive values from environment variables.
import Pages.Secrets as Secrets
Secrets.succeed "hardcoded-secret"
with : String -> Value (String -> value) -> Value value
Allows you to chain together multiple secrets. See the top of this page for a full example.