Improve the CI/CD pipeline credential flow - Githubissues

rivernews / iriversland2-api

My personal website's backend code base.

https://api.shaungc.com

0 stars 0 forks source link

Improve the CI/CD pipeline credential flow #7

Open rivernews opened 5 years ago

rivernews commented 5 years ago

Reduce redundancy and avoid setting the same environment variable or secret at multiple different places.

Quick look at current credential storage

Where are the credentials now?

Location	Format	Contents
`secret-management` repository	JSON -> AWS SSM	Django, Database, AWS, DO, Dockerhub
`iriversland-public` repository	Local `.py`	AWS (S3), Database, Django Misc
`terraform-provisioning` repository	Local `.tfvars`	Database (backend storage), DO, AWS, Dockerhub
CircleCI `iriversland-public`	ENV VAR in portal	AWS, DO, Django, Dockerhub, Database, Database (TF backend storage), Terraform env var (for credential)
CircleCI `terraform-provisioning`	ENV VAR in portal	Database (TF backend storage), Terraform env var (for credential)

What kind of credentials used are there?

Django app itself, etc, SECRET_KEY, also gmail
- Including database - on heroku
AWS. Used across multiple stacks, like for S3, for secret management SSM, for external DNS Route53.
Dockerhub

...