Support env var references for Stripe API keys#132
Merged
reshmabidikar merged 1 commit intokillbill:pr-132from Feb 20, 2026
Merged
Support env var references for Stripe API keys#132reshmabidikar merged 1 commit intokillbill:pr-132from
reshmabidikar merged 1 commit intokillbill:pr-132from
Conversation
Allow operators to reference environment variables in tenant config
using ${env:VAR_NAME} syntax so that Stripe API keys never enter the
database. Existing plaintext configurations continue to work unchanged.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
reshmabidikar
approved these changes
Feb 19, 2026
Contributor
reshmabidikar
left a comment
reshmabidikar
left a comment
There was a problem hiding this comment.
There are some ci failures, could you look at those?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
${env:VAR_NAME}syntax for Stripe API key config so secrets never enter the databaseStripeConfigPropertiesforapiKeyandpublicKeyThis is a lighter alternative to #131. That PR adds AES-256-GCM encryption (
ENC()) + env var references. This PR takes a simpler approach: env var references only, with no crypto code. Both are backward compatible. See #131 for the encryption approach if multi-tenant per-DB-row secrets are needed.Test plan
TestStripeConfigPropertyResolver.testPlaintextPassthrough— raw values returned as-isTestStripeConfigPropertyResolver.testNullPassthrough— null handled gracefullyTestStripeConfigPropertyResolver.testEnvVarResolution—${env:HOME}resolves correctlyTestStripeConfigPropertyResolver.testEnvVarNotSetFails— missing env var throwsIllegalStateExceptionTestStripeConfigPropertyResolver.testBackwardCompatibilityWithStripeConfigProperties— existing plaintext config works throughStripeConfigProperties🤖 Generated with Claude Code