Since Rails 5, Rails has had an encrypted credentials.enc file which you can use to store secrets like API tokens and passwords.

I’ve come to see the shortcomings of this approach, and now I’m back to the traditional way of storing secrets on environment variables.

Although it might be a simpler solution when starting out a new project, the long-term problems of credentials.enc are significant. For example: with Rails’ credentials, updating secrets is typically tied to redeploying of the app, which is much slower than simply restarting a VM (what you would do if you were using ENVs).

But the biggest drawback of using Rails’ credentials is that it inevitably leads to having more than one source of truth for your project’s secrets: eventually your project will have extra-Rails dependencies, and they obviously won’t read from Rails’ credentials. So you’ll end up with some API keys defined in credentials.enc, and some others defined elsewhere, like a .env. Better, then, to use .env from the start, and use something like Infisical for management and team access.

TLDR We launched Podlettr - go check it out!

For nearly two years, me and my good friend Sérgio Fontes, an accomplished product designer, have been working on Podlettr - a great way to quickly catch up with your favourite podcasts. As the name implies, Podlettr is a letter from your podcasts. Reading is faster than listening, and with some AI magic, we convert hours worth of podcasts into beautiful, easy-to-read weekly newsletters.

We both have demanding full-time jobs and family duties, so we had to be pragmatic with the frameworks and architecture choices we made. Rails was my obvious framework of choice. Within weeks of the initial idea, we had a working prototype.