Extension to the crystal lang ENV module to support reading secrets
1.1.0 Latest release released


Build Status

Extends the behaviour of the crystal-lang ENV module to read values injected by docker secrets, kubernetes secrets and other orchestration tools.


  1. Add the dependency to your shard.yml:

        github: place-labs/secrets-env
  2. Run shards install


require "secrets-env"

Use the SECRETS_PATH environment variable to specify the volume used for secrets injection. If unspecified this will default to /run/secrets.

ENV may then be used as per the standard API. Values fetch from (in order of priority):

  1. environment variable
  2. secret of the same name
  3. fallback (if specified)

Note: attempts to update the environment ([]=) will apply this as an env var. Secrets are immutable. Once set as env vars take preference over secrets, the new value is readable by the current machine, but is ephemeral.

Additionally, ENV.accessed is a compile-time record of all accesses to the ENV variable across the program.


  1. Fork it (
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request


  github: place-labs/secrets-env
  version: ~> 1.1.0
License MIT
Crystal 0.34


Dependencies 0

Development Dependencies 1

  • ameba
    {'github' => 'crystal-ameba/ameba'}

Dependents 1

Last synced .
search fire star recently