Skip to content

v0.6.0

Compare
Choose a tag to compare
@jacobobryant jacobobryant released this 21 Jan 03:05
· 188 commits to master since this release

Upgrade instructions

  • Follow the upgrade instructions for any previous releases.
  • Update your Biff dependency in deps.edn to {:tag "v0.6.0", :sha "b3027b9", ...}
  • Update your Biff dependency in tasks/deps.edn to {:tag "v0.6.0", :sha "b3027b9", :deps/root "tasks", ...}
  • Optional: follow the secrets management upgrade instructions below.
  • Optional: apply these changes to use Biff's reorganized middleware.
  • Optional: apply this change so that htmx requests will include the CSRF token even when they aren't inside a (biff/form ...).

Secrets management

In new projects, secrets are now stored in a secrets.env file instead of being kept in config.edn with the rest of your configuration. There is a new biff/use-secrets component which sets the :biff/secret key to a function which takes a single argument and returns the corresponding secret. For example, if secrets.env and config.edn contain the following:

# secrets.env
export POSTMARK_API_KEY=abc123

;; config.edn
{:prod {:postmark/api-key "POSTMARK_API_KEY"
...

Then calling (secret :postmark/api-key) would return "abc123".

This makes secrets management pluggable. If you wanted to store secrets somewhere else (like Hashicorp Vault), you could provide your own :biff/secret function. A second benefit is that it's easier to not shoot yourself in the foot--previously if you e.g. logged the value of the system map, the logs would contain all your secrets.

Upgrading

Apply the changes in this commit to your project:

  1. Remove the old biff/use-random-default-secrets component, and add the new biff/use-secrets component.
  2. Create a secrets.env file containing all your secrets. Be sure to include export on each line, otherwise they won't work in production.
  3. Edit config.edn and change the values of any secrets to be the name of the relevant environment variable (e.g. change :postmark/api-key "abc123" to :postmark/api-key "POSTMARK_API_KEY").
  4. Update your Clojure files to use the new :biff/secret function whenever you need to access a secret.
  5. If you've written custom tasks for bb dev, bb soft-deploy, bb deploy, or bb run-cmd, apply these changes.
  6. Add secrets.env to .gitignore

If you need different versions of a secret for dev and prod, you can store them in separate environment variables:

;; config.edn
{:prod {:stripe/secret-key "STRIPE_SECRET_KEY"
        ...}
 :dev {:stripe/secret-key "STRIPE_TEST_SECRET_KEY"
       ...}}

# secrets.env
export STRIPE_SECRET_KEY=foobar
export STRIPE_TEST_SECRET_KEY=bazquux

Changed

  • Biff's middleware has been simplified and made more REPL-friendly. All of the middleware can now be modified at runtime without needing to call biff/refresh.
  • XTDB has been upgraded from v1.22.1 to v1.23.0 (see the release notes).
  • Minor cleanup in the example project.