twolfson / twolfson.com-scripts

Scripts used for bootstrapping and deploying services for twolfson.com and its subdomains
The Unlicense

Migrate from secrets in supervisord.conf to environment variables #15

Closed twolfson closed 8 months ago

twolfson commented 9 months ago

supervisord.conf currently uses handwritten secrets:

https://github.com/twolfson/twolfson.com-scripts/blob/99b863ae15bf5d933bbdd5463b77eee6d250b81c/data/etc/supervisord.conf#L37

This is problematic because it doesn't allow for simple rsync + mv to update/track files.

One solution that we've used plenty is to use .env files in the repo itself to handle secrets.

In practice, we'd probably:

  1. During provisioning, establish .env by hand in twolfson.com/main on digital-twolfson.com
  2. Update deploy-twolfson.com.sh to copy that file between deployments

There are plenty of other solutions that work for environment variables as well.

See relevant TASK: ... https://github.com/twolfson/twolfson.com-scripts/issues/15 via git grep
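
Step 2 of the plan above (carrying the hand-provisioned .env from one deployment to the next), sketched as an added example that is not part of the original issue or of the repo's deploy-twolfson.com.sh. The function name `carry_env` and its two directory arguments are hypothetical.

```shell
# Added example, not from twolfson.com-scripts. carry_env and its
# directory arguments are hypothetical names.
#
# carry_env PREV_DIR NEXT_DIR
#   Copies PREV_DIR/.env into NEXT_DIR/.env before the new release goes live.
#   Returns 1 (and copies nothing) if the source is missing, is a symlink,
#   or is accessible to group/other.
carry_env() {
  ce_src="$1/.env"
  ce_dst="$2/.env"
  ce_tmp="$ce_dst.tmp.$$"

  # Only a regular file is accepted; a symlink could point the copy elsewhere.
  if [ -L "$ce_src" ] || [ ! -f "$ce_src" ]; then
    echo "carry_env: $ce_src is missing or not a regular file" >&2
    return 1
  fi

  # Characters 5-10 of the ls mode string are the group and other bits.
  ce_bits="$(ls -ld "$ce_src" | cut -c5-10)"
  if [ "$ce_bits" != "------" ]; then
    echo "carry_env: $ce_src is accessible to group/other, refusing" >&2
    return 1
  fi

  # Copy under a restrictive umask so the secret is never briefly readable by
  # others, then rename so the new release sees no .env or a complete one.
  ( umask 077 && cp "$ce_src" "$ce_tmp" ) || return 1
  mv "$ce_tmp" "$ce_dst"
}
```

A deploy script would call this before switching releases and abort the deploy on a non-zero return, so a release never starts without its secrets or with a loosely permissioned copy.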

twolfson commented 9 months ago

We also had some thoughts/ideas here: https://github.com/twolfson/twolfson.com-scripts/tree/4590a82e86294e77f2cec6e184723d6358b82a6c#managing-secrets

twolfson commented 8 months ago

Our twolfson.com repo already handles .local files so this was easily added to the repo in 3.1.0 =)