Update: I’ve recently changed some of the original config for generating the secret keys. Unfortunately, I found my original method was incorrect, as I was referencing an article that was written for Guardian v0.8. I’ve also added configuration for GuardianDb’s ExpiredSweeper worker.
If you’re rolling out your own user authentication in an Elixir & Phoenix application, you’ll most likely want to use Guardian and GuardianDb to manage your JSON Web Tokens (JWTs). Using both libraries lets you revoke a client’s expired tokens from the server side instead of relying on the client “forgetting”…
As programmers, it’s important to protect our applications in every way we possibly can. This includes preventing your production configurations and secret keys from falling into the wrong hands. If someone gains access to these, they could easily bring your application to its knees. Don’t become a victim!
Whenever you create a new project in Phoenix, the framework will create a “prod.secret.exs” config file that is meant to store sensitive configuration and is ignored by version control. If you’re hosting your project yourself on AWS or DigitalOcean, it’s important to store all of your sensitive configurations like your application endpoint’s…

Back-end Developer. Elixir & Phoenix enthusiast.