Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Production credentials

Removing all secrets from the repo

  1. Deployment to production is from CircleCI.
  2. The deployment command is configured in circle.yml, which is checked into the repo and cannot contain any secrets.
  3. CircleCI can have env vars configured
  4. circle.yml is passed through ERB [check], so we can add secret parameters to the deployment command using erb, e.g. foreplay deploy production -u <%= ENV['DEPLOYMENT_USERNAME'] %> -p <%= ENV['DEPLOYMENT_PASSWORD'] %>
  5. The secret credentials can be used to connect to a remote service and download the remainder of the production secrets.
  6. The secrets can be included in the .env file created by Foreplay and become part of the production runtime environment.

This comment has been minimized.

Copy link
Owner Author

@dominicsayers dominicsayers commented Apr 24, 2015

Need to choose a default remote service: SFTP? S3? Postgresql?
Need to hack Foreplay to connect and download from the service.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.