hide .env credentials

.gitignore

@@ -19,6 +19,8 @@ target/
 *.sqlite-*
 .env
 .env.production
+.envrc
+.direnv/
 uploads/
 *.report.html
 favicon_io.zip

config/development.yaml

@@ -45,19 +45,24 @@ workers:
 
 # Mailer Configuration.
 mailer:
-  # SMTP mailer configuration.
+  # SMTP mailer configuration. Defaults target a local catcher (MailHog/Mailpit
+  # on localhost:1025); set the SMTP_* env vars to point at a real server. The
+  # auth block is only emitted when SMTP_PASSWORD is provided, so the secret is
+  # never stored here — pass it in at launch (e.g. from `pass`).
   smtp:
     # Enable/Disable smtp mailer.
-    enable: true
+    enable: {{ get_env(name="SMTP_ENABLE", default="true") }}
     # SMTP server host. e.x localhost, smtp.gmail.com
-    host: localhost
+    host: "{{ get_env(name="SMTP_HOST", default="localhost") }}"
     # SMTP server port
-    port: 1025
+    port: {{ get_env(name="SMTP_PORT", default="1025") }}
     # Use secure connection (SSL/TLS).
-    secure: false
-    # auth:
-    #   user:
-    #   password:
+    secure: {{ get_env(name="SMTP_SECURE", default="false") }}
+{% if get_env(name="SMTP_PASSWORD", default="") != "" %}
+    auth:
+      user: "{{ get_env(name="SMTP_USER", default="") }}"
+      password: "{{ get_env(name="SMTP_PASSWORD", default="") }}"
+{% endif %}
     # Override the SMTP hello name (default is the machine's hostname)
     # hello_name: