I was tired of building bespoke static HTML sites and having to decide if I wanted to use GatsbyJS or just hand code all of the HTML. I decided to build a tool to solve my problem!

Hey, I'm getting a 404 on your website

Which URL?

For reference:

The GitHub repo: https://github.com/camsjams/rust-coal

The Documentation: https://camsjams.github.io/rust-coal/

Similar to the plot of a fairly good Eddie Murphy film: https://en.wikipedia.org/wiki/The_Distinguished_Gentleman

Do you store your API keys and other sensitive data with a site that doesn't even have a page discussing their encryption or security practices? Their privacy policy mentions they secure data with SSL protocol...

Who has access to each client's database? Is it audited? Is it encrypted at rest? I'm sure it is, but Config.ly would be wise to add this information to avoid fears.

Also you can store encrypted secrets in Git just fine, there are a number of methods to do so very safely.

Thanks for the feedback. The goal right now is not to store sensitive data in Config.ly - your read API keys will be on your clients - and so in theory anyone who can read that source code can fetch your keys.

> Who has access to each client's database? Is it audited? Is it encrypted at rest? I'm sure it is, but Config.ly would be wise to add this information to avoid fears.

This is great feedback, thank you.

Ohhh, that's such a great idea. I've done that before for TravisCI, now that I remember, it's really slick.

https://docs.travis-ci.com/user/environment-variables/#defin...

Nice! I made something similar to this: https://github.com/camsjams/mr-roboto

With a slight difference, it works 100% in the browser, you can use it here: https://camsjams.github.io/mr-roboto/

But you need to store the output somewhere safe.

Nice. I guess the big difference is the key used for the symmetric encryption. I'm using PBKDF2 to derive the final key to make it harder to brute force in case you get the HTML file.