Open vladiim opened 1 day ago
Kamal intentionally doesn't read from .env
automatically anymore. https://kamal-deploy.org/docs/upgrading/secrets-changes/
@nickhammond I understand the change but one thing I haven't found any advice on: Where should the actual secrets (meaning: the plain text values) be kept if not in .env or in .kamal/secrets? I'm currently putting them in .kamal/secrets and keeping that gitignored but that seems not to be the intended design. Thanks for any light you can shed! Kamal is a joy.
@junket I'm still sort of figuring out my workflow as well since I don't often want to deal with fetching the credentials from 1P, it can just add another layer.
The intention seems to be that you always fetch from a secret store and that's what gets set dynamically in .kamal/secrets
. That's not always the case though and sometimes it's just easier to deal with files for some apps, pre Kamal 2 style.
What I've been doing is ignoring from git .kamal/secrets-common
and .kamal/secrets.*
, .kamal/secrets
just contains example/template config with empty values.
If you wanted to keep on using .env
you can use the dotenv
CLI command to pre-load the env before running Kamal commands but this feels pretty clunky.
Excellent. Thanks @nickhammond! Exactly, I haven't bothered setting up secret stores for any of my one-man projects for the reasons you mentioned.
Okay, I'll follow your approach, too--it does make sense to me to just have just one .env for dev and all the deployment/destination stuff in with the Kamal config. But when I saw the advice in the .kamal/secrets
boilerplate not to actually add the secrets there I was stymied.
Thanks so much for the additional info @nickhammond - sorry I didn't catch the docs!
I consistently got error messages trying to login to docker on my Apple M1. The issue was .env variables were not being passed correctly to kamal.