PostOwl / postowl

Create a personal website for your blog, journal and sending letters to friends.
https://www.postowl.com
GNU Affero General Public License v3.0

Demo site ADMIN_PASSWORD leaked in video #24

Closed edisim closed 1 year ago

edisim commented 1 year ago

The password lXZuW6w8mBBHFoqHJ6k7k1 is briefly seen in the demo video. I was able to log in and create a post on the demo site with it.

keybits commented 1 year ago

Interesting, thanks for sharing. I did a redeploy with a new password after doing the recording, but it looks like it didn't get applied.

That raises the interesting question: 'How do you change the password?' if a new one doesn't get applied on a redeploy (perhaps because there were no code changes).

I'm not too concerned about people seeing that password - we considered sharing a demo site and password for people to try.

cc @michael

michael commented 1 year ago

Oh, when it doesn't get applied that's a signal that the new env vars don't get picked up correctly. Does a fly apps restart help? I think we should generally look into a more idiomatic way to provide env vars and managing secrets. I still feel a bit lost myself on redeploys.

And then again, that's for self-hosters. It needs to get much simpler for non-technical users once we have the hosted version up.

keybits commented 1 year ago

Does a fly apps restart help?

Nope

I think we should generally look into a more idiomatic way to provide env vars and managing secrets.

Agreed.

Looks like the preferred approach is to use .env: https://kit.svelte.dev/docs/adapter-node#environment-variables

I'll experiment with a .env.local and a .env.production that is used during deployment and in production. (I think I tried this before, but ran into problems during the Docker build stage of the Fly deploy.)

keybits commented 1 year ago

This is fixed with: https://github.com/PostOwl/postowl/commit/a3c25b5d5e0b16caaadf95051e3b88c20863e5a7

We can now deploy with a simple fly deploy (no more build secrets)! 🙌

I've tested and it now always picks up the changes.

Docs are updated: https://postowl.com/docs/administration-guide/deploy/

Do a git pull to get the latest changes on main, then follow the new docs above (basically create a .env.production and then run fly deploy).

Let me know if you have any problems.

If all is working well, I'll cut a new release as it's an important improvement.

keybits commented 1 year ago

Closing as the above commit has now been tested and works well.

I'll make a new release later today with this and some other enhancements.