@dominicsayers
Last active August 29, 2015 14:19
Production credentials

Removing all secrets from the repo

  1. Deployment to production is from CircleCI.
  2. The deployment command is configured in circle.yml, which is checked into the repo and cannot contain any secrets.
  3. CircleCI can have environment variables configured.
  4. circle.yml is passed through ERB [check], so we can add secret parameters to the deployment command using ERB, e.g. foreplay deploy production -u <%= ENV['DEPLOYMENT_USERNAME'] %> -p <%= ENV['DEPLOYMENT_PASSWORD'] %>
  5. The secret credentials can be used to connect to a remote service and download the remainder of the production secrets.
  6. The secrets can be included in the .env file created by Foreplay and become part of the production runtime environment.
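
Steps 4 and 6 as an added Ruby example (not part of the original gist and not Foreplay's own code): it renders the deployment command through ERB with each value shell-escaped, fails when a variable is unset, and writes the downloaded secrets to a .env file with mode 0600. The helper names and the KEY="value" .env syntax are assumptions; the download in step 5 is left out and its result is passed in as a hash.

```ruby
require 'erb'
require 'shellwords'

# Step 4's command template; ENV[] is swapped for fetch plus shell escaping.
DEPLOY_TEMPLATE = 'foreplay deploy production ' \
  "-u <%= Shellwords.escape(env.fetch('DEPLOYMENT_USERNAME')) %> " \
  "-p <%= Shellwords.escape(env.fetch('DEPLOYMENT_PASSWORD')) %>"

# Render against an env-like hash (pass ENV.to_h in CI). fetch raises KeyError
# for an unset variable, so the deploy stops instead of sending a blank credential.
def render_deploy_command(env, template = DEPLOY_TEMPLATE)
  ERB.new(template).result_with_hash(env: env)
end

# Copy of the command that is safe to echo into a build log.
def redact(command, env, secret_names = %w[DEPLOYMENT_PASSWORD])
  secret_names.reduce(command) do |text, name|
    text.gsub(Shellwords.escape(env.fetch(name))) { '[REDACTED]' }
  end
end

# Step 6: format downloaded secrets as KEY="value" lines (assumed .env syntax).
def dotenv_lines(secrets)
  secrets.map do |key, value|
    raise ArgumentError, "bad name: #{key.inspect}" unless key.match?(/\A[A-Za-z_]\w*\z/)

    escaped = value.to_s.gsub(/[\\"]/) { |c| "\\#{c}" }.gsub("\n") { '\\n' }
    %(#{key}="#{escaped}"\n)
  end.join
end

# Write the file readable by its owner only, even if it already existed.
def write_dotenv(path, secrets)
  File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |file|
    file.chmod(0o600)
    file.write(dotenv_lines(secrets))
  end
end
```

The rendered command still carries the password as an argument, so log the redact output rather than the command itself.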
@dominicsayers
Author

Need to choose a default remote service: SFTP? S3? Postgresql?
Need to hack Foreplay to connect and download from the service.
