profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/fireproofsocks/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Everett Griffiths fireproofsocks Fireproof Socks Earth

fireproofsocks/dto 75

Data Transfer Object (DTO) in PHP using JSON Schema

fireproofsocks/dotenvy 23

An Elixir port of the Ruby dotenv package

opengeek/tacit 10

Tacit is a high-performance REST server framework for PHP built on the Slim framework

fireproofsocks/xray 3

Offers utility functions for inspecting string binaries and code points in Elixir

fireproofsocks/cowrie 2

Cowrie helps you print beautiful and consistent Terminal output to the Shell of your Elixir apps using familiar functions inspired by HTML

fireproofsocks/figlet 1

Elixir support of Figlet

fireproofsocks/jenerator 1

Generates valid seed data from JSON Schema definitions

fireproofsocks/pockets 1

Pockets is an Elixir wrapper around Erlang :ets and :dets, a disk-based term storage

fireproofsocks/tacocat 1

A playful collection of Elixir text effects including upside down and backwards

issue commentonkel-dirtus/logger_file_backend

colors on log file

Colors in the terminal are implemented via ANSI codes -- these are extra characters that get added. They are nice for iex sessions, but I don't think you want these written as literal output to a log file because they make parsing the log file that much more difficult.

riccardomanfrin

comment created time in 17 days

pull request commentonkel-dirtus/logger_file_backend

Misc doc changes

Thanks! Although I have have write access to the repo, I can't actually push updates to hex until Issue #75 gets resolved. I have contacted hex support and tried to draw attention to it in hopes that it can be quickly resolved, otherwise, we'll have to fork the repo and publish under a separate package name.

kianmeng

comment created time in 18 days

issue commentfireproofsocks/figlet

suggestion - use iO lists for joining strings

Thanks! Any chance you could put this in a PR?

dkuku

comment created time in 23 days

issue openedonkel-dirtus/logger_file_backend

Add fireproofsocks as hex.owner

Is it possible for you to run the mix hex.owner task to either add me as another owner of this Hex package or transfer the package to me? That way I can release the patched versions in hex.pm. Without this, we cannot release updates to this package.

created time in a month

issue closedfireproofsocks/dotenvy

Feature request: unload env vars after use?

Tentative feature request: for additional security, would you consider (optionally) unloading the loaded env vars after startup? That would ensure that sensitive data doesn't remain in the environment and hence cannot be dumped/read later on.

closed time in a month

starkeepers

issue commentfireproofsocks/dotenvy

Feature request: unload env vars after use?

I've released v0.5.0 with PR #8 Let's open a new issue if further refinements/improvements/fixes are needed.

starkeepers

comment created time in a month

created tagfireproofsocks/dotenvy

tagv0.5.0

An Elixir port of the Ruby dotenv package

created time in a month

delete branch fireproofsocks/dotenvy

delete branch : refactor-storage

delete time in a month

push eventfireproofsocks/dotenvy

Everett Griffiths

commit sha 7ad8ceb25242c39aa389b5b639a310e90284124e

Refactors source side_effect to store values in Application process dictionary

view details

Everett Griffiths

commit sha c4c614df1c9c4c440dabfd002e7a010c6d09918e

Bumps version to v0.5.0; updates docs

view details

Everett Griffiths

commit sha a4452b4765830c546aad1c1740019691b41274a5

Refactors to store values in the Process dictionary (not in Application)

view details

Everett Griffiths

commit sha b5ab404c82f4fe13dd8ff57d0627db214a55f7ad

Updates example in docs

view details

Everett Griffiths

commit sha cd109984a5e57f3fbaf360ac425c1d4b382e719f

Merge pull request #8 from fireproofsocks/refactor-storage Refactor storage: v0.5.0

view details

push time in a month

PR merged fireproofsocks/dotenvy

Refactor storage: v0.5.0

This PR refactors the side-effect used by the Dotenvy.source/2 and source!/2 functions so that it stores the merged values inside the Application process dictionary instead of inside the System. Internally, this now does this: Application.put_env(:dotenvy, :vars, source_vars)

This should improve the security posture of the app because it no longer "leaks" values back into the system environment.

Note that this PR does not deal with the cleanup of the variables set inside Application; it's a bit weird that you can simply do Application.put_env(:some_arbitrary_app, :key, "value")... the app doesn't need to be exist.

+44 -32

0 comment

5 changed files

everettvody

pr closed time in a month

pull request commentzyro/elixir-uuid

Add :crypto to extra_application and update mix.lock

If maintaining this package is burdensome, I'd be happy to help out -- I'd just need permissions granted in Github and in hex.

wingyplus

comment created time in 2 months

push eventfireproofsocks/dotenvy

Everett Griffiths

commit sha b5ab404c82f4fe13dd8ff57d0627db214a55f7ad

Updates example in docs

view details

push time in 2 months

issue commentfireproofsocks/dotenvy

Feature request: unload env vars after use?

Ha! Good point -- I sheepishly admit that I had conflated the Application with the Process dictionary. One more commit pushed up...

starkeepers

comment created time in 2 months

push eventfireproofsocks/dotenvy

Everett Griffiths

commit sha a4452b4765830c546aad1c1740019691b41274a5

Refactors to store values in the Process dictionary (not in Application)

view details

push time in 2 months

issue commentfireproofsocks/dotenvy

Feature request: unload env vars after use?

Thank you @dch , @starkeepers , and @lud for your input.

I have a PR up that implements changes in the side_effect: https://github.com/fireproofsocks/dotenvy/pull/8 If anyone has time/interest to check it out and provide feedback that would be great -- I'll leave that PR open for a day or so before I merge and tag it just in case additional changes are required.

Thanks again!

starkeepers

comment created time in 2 months

create barnchfireproofsocks/dotenvy

branch : refactor-storage

created branch time in 2 months

issue commentfireproofsocks/dotenvy

Feature request: unload env vars after use?

The more I think about the merge function, the more I think that it might be subtly smelly. E.g. if you were handed a merged bunch of values, they would all be strings, so you'd need to convert them. You could either do something like

{:ok, vars} = merge([".env1", ".env2", ...])

config :myapp, 
  :host, Dotenvy.Transformer.to!(vars["HOST"], :string),
  :port, Dotenvy.Transformer.to!(vars["PORT"], :integer!)

OR, you could transform merged values via a transforms option, e.g.

{:ok, vars} = merge([".env1", ".env2", ...], transforms: %{
    "HOST" => :string, 
    "PORT" => :integer?, 
    "OPTIONAL" => [:module, SomeDefaultValue]
})

config :myapp, 
  :host, Map.fetch!(vars, "HOST")

but this also feels inelegant.

Let's start with the changes that will write vars to the process dictionary and go from there.

starkeepers

comment created time in 2 months

issue commentfireproofsocks/dotenvy

Feature request: unload env vars after use?

Thank you @starkeepers and @lud for the continued discussion; I appreciate your input and feedback.

Is there any concern about writing values to the Application's process dictionary? It is redundant storage because the values will be eventually read into other locations within the same dictionary, so should we consider the effects of loading up large numbers of variables? I'm unclear on whether storing the variables in the process dictionary offers any greater security than storing them in the OS process' system ENVs. Regardless, I don't see any difficulty in refactoring the existing source functions to put values into the Application process dictionary and adapting the env! functions to read from it.

That might obviate the need for a merge function entirely.

starkeepers

comment created time in 2 months

issue commentfireproofsocks/dotenvy

Feature request: unload env vars after use?

I keep thinking about how to best implement this. Possibly the easiest first step would be to implement a function like @lud described: one whose side effect is to write to the Application process dictionary (when I first sketched out this package, I had included a merge/2 function that would simply merge values without a side-effect, so this idea isn't so foreign). Per @starkeepers points, offering a function like that would help avoiding unintended (i.e. insecure) side effects.

I'm not as clear about adding multiple data sources to the env!/2 function, however. When a value might come from multiple places it becomes less what the function is actually doing -- you might end up with a headache debugging where values are actually coming from. The source code for the env!/2 function could easily be modified if the System module were replaced with the Application module (thus Application.fetch_env instead of System.fetch_env etc). I'm wondering if it might be acceptable UI/UX if you had to do import Dotenvy.Secure or maybe even tap into use by doing something like use Dotenvy, store: Application. There are a few other considerations that might pop up there (specifically because System ENV always arrive as strings, whereas items stored in the process dictionary may be any valid Elixir term), but I thought it would be worthwhile mentioning the idea here in the relevant ticket.

starkeepers

comment created time in 2 months

issue closedfireproofsocks/dotenvy

Integer casting is not properly caught

** (ArgumentError) errors were found at the given arguments:

  * 1st argument: not a textual representation of an integer

    :erlang.binary_to_integer("HAHA")

I can submit a PR if you agree with my strategy: only wrap the to! call in a try/rescue, and add when is_binary(variable) to the env!/ functions.

closed time in 2 months

lud

issue commentfireproofsocks/dotenvy

Integer casting is not properly caught

I have improved the error messaging with PR #7 -- this isn't anywhere as thorough as your macro solution above, but it should help users identify the source of problematic values: the name of the ENV variable is now included with the error.

lud

comment created time in 2 months

push eventfireproofsocks/dotenvy

Everett Griffiths

commit sha ae9acbb2328df59e56df598d34aabb1f66092caf

Clarifies error messaging

view details

Everett Griffiths

commit sha 25b3b82228ed2e3ab6ad0bd939c27622af954bc6

Bumps version to v0.4.1

view details

Everett Griffiths

commit sha e7bce022a13d56a65a36577061171d16a9931e57

Merge pull request #7 from fireproofsocks/improved-error-messages Improved error messages

view details

push time in 2 months

PR merged fireproofsocks/dotenvy

Improved error messages

This PR adds better error messaging for cases when a string cannot be converted to an integer or float. This resolves issue #5

+41 -5

0 comment

5 changed files

fireproofsocks

pr closed time in 2 months

PR opened fireproofsocks/dotenvy

Improved error messages

This PR adds better error messaging for cases when a string cannot be converted to an integer or float. This resolves issue #5

+41 -5

0 comment

5 changed files

pr created time in 2 months

create barnchfireproofsocks/dotenvy

branch : improved-error-messages

created branch time in 2 months

issue commentfireproofsocks/dotenvy

Integer casting is not properly caught

Thank you for this thorough explanation!

lud

comment created time in 2 months

issue commentfireproofsocks/dotenvy

Integer casting is not properly caught

Thanks! Can you share what you mean by using a macro here to pinpoint the file/line? I'd like to improve the error messaging if possible.

lud

comment created time in 2 months

issue commentfireproofsocks/dotenvy

Integer casting is not properly caught

This makes sense. Thank you for elaborating.

lud

comment created time in 2 months

created tagfireproofsocks/dotenvy

tagv0.4.0

An Elixir port of the Ruby dotenv package

created time in 2 months

push eventfireproofsocks/dotenvy

Everett Griffiths

commit sha 72fdeb76b8746b44dcec1755ba7475e1a4f7c1b9

Bumps to version 0.4.0

view details

push time in 2 months