NHSDigital / ndr_dev_support

Development tools and security support for developers
MIT License

Deployments: support pulling encrypted credentials from key store repository #79

Open joshpencheon opened 4 years ago

joshpencheon commented 4 years ago

In our current NDR-model deployment approach, credentials.yml.enc (and other YAML files using the Rails Encrypted mechanisms) are preloaded onto servers out-of-band from deployments, and symlinked into releases. If they need to be updated, there are a number of hoops to jump through due to read-only filesystems.

Ideally, Capistrano would be able to be configured to search the key store repository for matching file(s), and deploy them to the server; both as part of a standard deployment, as well as via a standalone task (e.g. for key rotations).

joshpencheon commented 4 years ago

@bshand: we'd talked previously about potentially supporting a directory structure with some sort of mirroring or significance - have you got any thoughts on that, or any others generally?
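One way the matching and upload step could look, as an added illustration rather than code from ndr_dev_support: it assumes a key store laid out as `<key_store>/<app>/<stage>/config/...` mirroring the application's config tree, selects only `*.yml.enc` files (so a master key that decrypts them is never swept up with them), and takes an injectable uploader so a Capistrano task could pass `upload!` in place of the local copy.

```ruby
# Added illustration, not ndr_dev_support code. Assumed key store layout:
#   <key_store_root>/<app>/<stage>/config/credentials.yml.enc (and other *.yml.enc)
require "pathname"
require "fileutils"
require "tmpdir"

ENCRYPTED_GLOB = "**/*.yml.enc".freeze

# Returns { "config/credentials.yml.enc" => "/abs/path/in/key/store", ... }.
# Only *.yml.enc files match, so a stray master.key in the key store is
# never selected for upload; the key stays out-of-band.
def key_store_files(key_store_root, app, stage)
  base = Pathname.new(key_store_root).join(app, stage)
  return {} unless base.directory?

  base.glob(ENCRYPTED_GLOB).each_with_object({}) do |path, files|
    next unless path.file?
    files[path.relative_path_from(base).to_s] = path.to_s
  end
end

# Copies each matched file into the deployment's shared directory (the place
# releases symlink from), creating parent directories as needed. `uploader`
# defaults to a local copy; a Capistrano task would pass
# ->(src, dst) { upload!(src, dst) } instead. Returns the destination paths.
def deploy_key_store_files(key_store_root, app, stage, shared_path,
                           uploader: ->(src, dst) { FileUtils.cp(src, dst) })
  key_store_files(key_store_root, app, stage).map do |rel, src|
    dst = File.join(shared_path, rel)
    FileUtils.mkdir_p(File.dirname(dst))
    uploader.call(src, dst)
    dst
  end.sort
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample key store: one encrypted file plus a key that must NOT be picked up.
  Dir.mktmpdir do |tmp|
    cfg = File.join(tmp, "keystore", "myapp", "production", "config")
    FileUtils.mkdir_p(cfg)
    File.write(File.join(cfg, "credentials.yml.enc"), "ciphertext")
    File.write(File.join(cfg, "master.key"), "do-not-deploy")
    shared = File.join(tmp, "shared")
    puts deploy_key_store_files(File.join(tmp, "keystore"), "myapp", "production", shared)
  end
end
```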