Closed twolfson closed 8 months ago
We also had some thoughts/ideas here: https://github.com/twolfson/twolfson.com-scripts/tree/4590a82e86294e77f2cec6e184723d6358b82a6c#managing-secrets
Our twolfson.com
repo already handles .local
files so this was easily added to the repo in 3.1.0
=)
supervisord.conf
currently uses handwritten secrets:https://github.com/twolfson/twolfson.com-scripts/blob/99b863ae15bf5d933bbdd5463b77eee6d250b81c/data/etc/supervisord.conf#L37
This is problematic because it doesn't allow for simple
rsync
+mv
to update/track files.One solution that we've used plenty is to use
.env
files in the repo itself to handle secrets.In practice, we'd probably:
.env
by hand intwolfson.com/main
ondigital-twolfson.com
deploy-twolfson.com.sh
to copy that file between deploymentsThere are plenty of other solutions that work for environment variables as well
See relevant
TASK: ... https://github.com/twolfson/twolfson.com-scripts/issues/15
viagit grep