Keyfiles

[tomkersten]

Any thoughts on migrating the public/private keys for the server to be loaded only from environment variables (vs paths in the config file)?

[christiansmith]

Loading from environment variables is a great suggestion for production environments. There may be cases where, for convenience, loading from a local file makes sense too (development)? What do you think about supporting both? Environment variables are obviously better for deployment. Is there a good reason to completely disallow loading from the filesystem? If both are supported, what would be the right priority for loading? First check the env, then for files? Use the first found or override one with the other?

[tomkersten]

What if it was a JS file (vs JSON) which was required so the admin could use whichever method they preferred? For example:

var confg = {
  "issuer": "http://example.com",
  ...,
  "keypair": {
    "private": process.env.ANVIL_PRIVATE_KEY,
    "public": process.env.ANVIL_PUBLIC_KEY
  }
}

module.exports = config;

Thoughts?

[christiansmith]

What do you think about using files for development and environment variables for production? Trying this in the latest release unstable release 0.1.5. See 79f66d6

[tomkersten]

I think this would be fine. It's not something I feel strongly about, but I feel like you should be able to use an environment variable for either situation. However, 79f66d6 is a fine convention as well.

[christiansmith]

@tomkersten With the current "deployment repository" setup, the keys directory is ignored for deployment. When the server bootstraps it will look first for environment variables, then for files. If both are present, the files will override the env. This gives us the ability to use files or the vars to test the production env on localhost, and guides implementers toward using vars in production instead of files. Sound reasonable?

[tomkersten]

Seems reasonable.