v0.6.0
Upgrade instructions
- Follow the upgrade instructions for any previous releases.
- Update your Biff dependency in
deps.edn
to{:tag "v0.6.0", :sha "b3027b9", ...}
- Update your Biff dependency in
tasks/deps.edn
to{:tag "v0.6.0", :sha "b3027b9", :deps/root "tasks", ...}
- Optional: follow the secrets management upgrade instructions below.
- Optional: apply these changes to use Biff's reorganized middleware.
- Optional: apply this change so that htmx requests will include the CSRF token even when they aren't inside a
(biff/form ...)
.
Secrets management
In new projects, secrets are now stored in a secrets.env
file instead of being kept in config.edn
with the rest of your configuration. There is a new biff/use-secrets
component which sets the :biff/secret
key to a function which takes a single argument and returns the corresponding secret. For example, if secrets.env
and config.edn
contain the following:
# secrets.env
export POSTMARK_API_KEY=abc123
;; config.edn
{:prod {:postmark/api-key "POSTMARK_API_KEY"
...
Then calling (secret :postmark/api-key)
would return "abc123"
.
This makes secrets management pluggable. If you wanted to store secrets somewhere else (like Hashicorp Vault), you could provide your own :biff/secret
function. A second benefit is that it's easier to not shoot yourself in the foot--previously if you e.g. logged the value of the system map, the logs would contain all your secrets.
Upgrading
Apply the changes in this commit to your project:
- Remove the old
biff/use-random-default-secrets
component, and add the newbiff/use-secrets
component. - Create a
secrets.env
file containing all your secrets. Be sure to includeexport
on each line, otherwise they won't work in production. - Edit
config.edn
and change the values of any secrets to be the name of the relevant environment variable (e.g. change:postmark/api-key "abc123"
to:postmark/api-key "POSTMARK_API_KEY"
). - Update your Clojure files to use the new
:biff/secret
function whenever you need to access a secret. - If you've written custom tasks for
bb dev
,bb soft-deploy
,bb deploy
, orbb run-cmd
, apply these changes. - Add
secrets.env
to.gitignore
If you need different versions of a secret for dev and prod, you can store them in separate environment variables:
;; config.edn
{:prod {:stripe/secret-key "STRIPE_SECRET_KEY"
...}
:dev {:stripe/secret-key "STRIPE_TEST_SECRET_KEY"
...}}
# secrets.env
export STRIPE_SECRET_KEY=foobar
export STRIPE_TEST_SECRET_KEY=bazquux
Changed
- Biff's middleware has been simplified and made more REPL-friendly. All of the middleware can now be modified at runtime without needing to call
biff/refresh
. - XTDB has been upgraded from v1.22.1 to v1.23.0 (see the release notes).
- Minor cleanup in the example project.