[idea] load directly from ejson

[burke]

This would require some unfortunate linking or rewriting but it would be kind of excellent to have a single (env/load-from-ejson "config/secrets.ejson" ".env") or something. This would load that ejson file, decrypt it, identify the subtree of environment map, and load it as name/value pairs.

Challenges:

• Would require an additional change detection feature
• A bit more expensive than current evaluation
• New failure modes (key not present, key invalid, ciphertext invalid, JSON invalid, file missing)
• ejson is written in go so we couldn't trivially import it as a lib, and I don't love the idea of shelling out.
• Reimplementing just the decryption side of ejson would be annoying and feels wrong, but maybe not so bad: would be pretty easy and we already have dalek-ed25519 which would be most of the right libraries.

Benefits:

• Disincentivizes writing decrypted secrets to disk
• Appealingly nice integration between our tools.

[tobi]

that being said, we should also disincentive having decrypted secrets in ENV as env can leak in debug messages (has happened before). I think having the encrypted parts in env and having easy decription client libraries available would be good.

this may be too much of a change but have we considered age/rage here? Very very good tools topically related to this.

[burke]

Yeah, that's a good point, we should instead at least try to normalize a pattern that leaves them encrypted until required.

[dpetrick]

@burke I spent a little time here and there and I have a working proof of concept for the Rust side decryption. Turns out it's a manageable amount of code. I'll integrate a prototype into shadowenv these days so we can iterate on the idea.