Closed sallareznov closed 7 years ago
Instead of using shazar you can also use the configuration:dist
command inside sbt to generate the bundle configuration: https://github.com/typesafehub/sbt-conductr#bundle-configuration
Inside the src/bundle-configuration/default
directory you can then add a runtime-config.sh
script in which you can set environment variables for the specific bundle configuration, i.e. for a specific environment. Here is a sample service that is doing it: https://github.com/lagom/activator-lagom-java-chirper/tree/master/front-end/bundle-configuration/default
Hi,
Don't you think that it's a bad idea to commit secrets in Git ? I think it is. So, IMHO, the problem is still open. 😕
Will you consider something like Vault ? or provides a better process to keep our secrets out of git ? IMHO, distributed systems need a "secured env variables store". At service launch, the service itself will fetch its env variables thanks to some HTTPS calls? What do you think ?
We agree. It is absolutely not good to store secrets in Git, private repo or not. Developer default configs can be used here, but not target envs.
Bintray has an encrypted repo feature coming that we're likely to use for proper config storage extending unencrypted bundle repos currently in use. Vault is also a candidate for such.
I'm going to close this issue.
A bundle is required to be loaded initially with config. Once loaded, if the bundle is updated then our Continuous Delivery process will apply the config of anything that it replaces.
Hi,
as far as I know, the only way to inject environment variables in a service is to build a configuration bundle with Shazar and load it with the application bundle. Is there a way to do so automatically with this plugin (I don't see any but who knows)? Have you already considered this issue in a continuous deployment process?
Also, have you heard of Vault? Do you think it's a good solution for environment variables management in distributed systems? Thank you!