Support password protected demos on Cloud Run

mozilla / bedrock

Making mozilla.org awesome, one pebble at a time

https://www.mozilla.org

Mozilla Public License 2.0

1.18k stars 918 forks source link

Support password protected demos on Cloud Run #15604

Open stevejalim opened 2 days ago

stevejalim commented 2 days ago

At the moment, to support password-protected demos, we need to use our Heroku instances, because:

developers have to set BASIC_AUTH_CREDS="username:password" as an env var, but because those need to be committed to get them only Cloud Run, it's not viable to commit them to the public repo
Secrets are shared across all Cloud Run demo services, so if set BASIC_AUTH_CREDS in Secrets, they'd apply to all demos

So, obvs, we need a solution - and one that ideally is very light touch

stevejalim commented 2 days ago

One option might be to stably generate random-but-readable passwords using the branch name as a seed then log them out to the private logs for a developer to pick up and share as needed. The credentials would be different per branch name, but not change with each commit to that branch