
I'm hosting my application on Heroku with a Postgres DB addon. Reading the doc, the credentials are rotated frequently, so you need to access the `DATABASE_URL` env variable to connect to it, but Heroku exposes it only at runtime.

My problem is that I use sqlx in my Rust application, so I need the DB URL at compile time. I could do `heroku config:get DATABASE_URL` in the GH Actions workflow and pass it as an arg to `heroku container:push`, but I don't want to expose the credentials.

So how can I access this variable at build time in a safe manner?

jonrsharpe
Bamontan
  • Do you really need access to the production DB, or can you compile against another DB with the same schema (which you'd presumably need for testing anyway)? – jonrsharpe Aug 19 '23 at 15:22
  • @jonrsharpe another DB with the same schema would do it, but I don't have another DB accessible from GitHub Actions with a static URL/credentials – Bamontan Aug 19 '23 at 15:24
  • There is also the option in sqlx to not require a db connection at all called [offline mode](https://docs.rs/sqlx/latest/sqlx/macro.query.html#offline-mode-requires-the-offline-feature). – cafce25 Aug 19 '23 at 15:25
  • @cafce25 yes I'm aware of that, it's in my list of possible fixes for my problem, but I would like to see if there is a way to still compile against the DB – Bamontan Aug 19 '23 at 15:27
  • Just run one in a [service container](https://docs.github.com/en/actions/using-containerized-services/about-service-containers). This substantially reduces risk compared to giving your CI job access to the prod DB. – jonrsharpe Aug 19 '23 at 15:44
  • @jonrsharpe I did not know about service containers, I will look into it, thank you! – Bamontan Aug 19 '23 at 15:51
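
The service-container approach suggested in the comments, sketched as a GitHub Actions workflow. This is an added example, not posted by anyone in the thread; the image tag, the throwaway credentials, the database name and the existence of a `migrations/` directory in the repository are assumptions.

```yaml
# Added example: compile sqlx query macros against a disposable Postgres
# that exists only for the lifetime of the CI job. No Heroku credential
# is read, stored or passed to the build.
name: build
on: [push]

jobs:
  build:
    runs-on: ubuntu-latest

    services:
      postgres:
        image: postgres:15              # assumed tag; match the production major version
        env:
          POSTGRES_USER: ci             # constructed, throwaway values
          POSTGRES_PASSWORD: ci_only_password
          POSTGRES_DB: app_ci
        ports:
          - 5432:5432                   # reachable from the runner as localhost:5432
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    env:
      # Points at the service container above, never at the Heroku database.
      DATABASE_URL: postgres://ci:ci_only_password@localhost:5432/app_ci

    steps:
      - uses: actions/checkout@v4

      - name: Install sqlx-cli
        run: cargo install sqlx-cli --no-default-features --features native-tls,postgres

      # Assumes the schema is kept as sqlx migrations under ./migrations
      - name: Apply schema to the CI database
        run: sqlx migrate run

      # query!/query_as! macros are checked against the CI database here
      - name: Compile
        run: cargo build --release
```

The application still reads `DATABASE_URL` from the environment at runtime on Heroku, so credential rotation there is unaffected by this build setup.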

0 Answers