Deploy without exposing keys in git.

[FdezAriasSara]

Good morning, @pglez82

We managed to deploy the website, and even access it from http://lomapen3b.francecentral.cloudapp.azure.com/, but as the other group said, we cannot login to inrupt, since our website has no tls certificate and therefore it is not using https.

After few attempts described in the wiki, i came up across a solution that basically suggests generating the certificates with openssl, and then , changing the package.json so it runs the app like this:

“start”: “export HTTPS=true&&SSL_CRT_FILE=cert.pem&&SSL_KEY_FILE=key.pem react-scripts start”,

Im stuck here...

I dont understand how could i make this work without exposing secrets as the .env file or the certificates themselves... Since what we do is to generate a docker image from what we have in the repo, I dont understand how can this be done....

Also for he google maps key. Localy i totally understand the usage of enviroment variables, but i really dont understand how can i make this work with the docker image without, again , exposing them in our repo..

P.S: The only other options i can think of right now (that do not involve paying) are the following:

• trrying a windows server, which seems problematic with docker but ... 90% of youtube tutorials (even azure tutorial for tls certificates ) use this server so..
• using https://render.com/ which does support continuous integration with git, but for which i need to request Arquisoft organization permission to use

other than these... im running out of ideas...

Thank you in advance, i hope I explained myself properly

Sara.

[pglez82]

Check the info here, as they are having the same issue:

https://github.com/Arquisoft/lomap_en3a/issues/106