deepbass / serverless-cms-azure

Full implementation of a Serverless CMS on Azure, using Netlify CMS, Gatsby and Azure Functions. Built and Deployed using GitHub Actions
MIT License

Confusion over secrets #7

Closed woter1832 closed 2 years ago

woter1832 commented 2 years ago

Hi @deepbass ,

Firstly, thank you very much for all this.

Reading the section on creating the GitHub secrets, I am a little confused:

> You then need to modify the static/admin/config.yml to replace the base_url with your function app address - otherwise your Netlify CMS will attempt to use my Azure Function for authorization and fail. You also want to replace the 'repo' value with your own, so that it knows to point at your repository not mine. [image] These two values are then stored in the GitHub Repository Secrets section so that they can be accessed by GitHub Actions for deployment, like the screenshot: [image]

Which two values? repo and base_url? I don't see these values in the secrets screenshot above.

The AZURE_CREDENTIALS secret contains CLIENT_ID, CLIENT_SECRET and SUBSCRIPTION_ID. Why do they need to be repeated? Are OAUTH_CLIENT_ID and OAUTH_CLIENT_SECRET from different values to those in AZURE_CREDENTIALS, i.e. we need to run `az ad sp create-for-rbac...` twice?

Thank you in advance.

W.

woter1832 commented 2 years ago

Ahh. My fault. I didn't do the GitHub OAuth piece first. The OAUTH_CLIENT_ID & OAUTH_CLIENT_SECRET are generated by GitHub.

Although, as AZURE_SECRET contains SUBSCRIPTION_ID I would have thought it would have got it from there. As I read your code, I expect I'll discover it's much easier to get it from a single string than getting it out of AZURE_SECRET JSON.
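The mix-up discussed in this thread can be caught before deployment. The following pre-flight check is an added example, not part of the thread or the project's code; it assumes AZURE_CREDENTIALS holds the JSON emitted by `az ad sp create-for-rbac --sdk-auth` and that the separate subscription secret is named SUBSCRIPTION_ID (a hypothetical name). It reports problems without ever printing a secret value.

```python
import json
import os
import re
import sys

# Azure application (client) IDs are GUIDs; GitHub OAuth client IDs are not.
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Field names assumed from `az ad sp create-for-rbac --sdk-auth` output.
SP_FIELDS = ("clientId", "clientSecret", "subscriptionId", "tenantId")

# Constructed sample values, not real credentials.
SAMPLE = {
    "AZURE_CREDENTIALS": json.dumps({
        "clientId": "11111111-1111-1111-1111-111111111111",
        "clientSecret": "constructed-sp-secret",
        "subscriptionId": "22222222-2222-2222-2222-222222222222",
        "tenantId": "33333333-3333-3333-3333-333333333333"}),
    "OAUTH_CLIENT_ID": "constructedgithubid01",
    "OAUTH_CLIENT_SECRET": "constructed-github-secret",
    "SUBSCRIPTION_ID": "22222222-2222-2222-2222-222222222222",
}

def check_secrets(env):
    """Return a list of problems; messages never include secret values."""
    try:
        sp = json.loads(env.get("AZURE_CREDENTIALS") or "")
    except json.JSONDecodeError:
        return ["AZURE_CREDENTIALS is not valid JSON"]
    if not isinstance(sp, dict):
        return ["AZURE_CREDENTIALS is not a JSON object"]
    problems = [f"AZURE_CREDENTIALS lacks {f}" for f in SP_FIELDS if not sp.get(f)]
    oid = env.get("OAUTH_CLIENT_ID", "")
    osec = env.get("OAUTH_CLIENT_SECRET", "")
    if not oid or not osec:
        problems.append("OAUTH_CLIENT_ID / OAUTH_CLIENT_SECRET not set")
    # The GitHub OAuth app and the Azure service principal are separate identities.
    if oid and (oid == sp.get("clientId") or GUID.match(oid)):
        problems.append("OAUTH_CLIENT_ID looks like an Azure application ID")
    if osec and osec == sp.get("clientSecret"):
        problems.append("OAUTH_CLIENT_SECRET repeats the service principal secret")
    sub = env.get("SUBSCRIPTION_ID")
    if sub and sub != sp.get("subscriptionId"):
        problems.append("SUBSCRIPTION_ID differs from AZURE_CREDENTIALS")
    return problems

if __name__ == "__main__":
    found = check_secrets(os.environ)
    print("\n".join(found) or "secrets look consistent")
    sys.exit(1 if found else 0)
```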