Commit
Secrets should be interpolated at runtime so we do want the file in git. But add a warning at the top to avoid adding secrets or git ignore the file if you do. Also provide examples of the three options for interpolating secrets.
Showing 4 changed files with 18 additions and 17 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,16 @@ | ||
# SECRETS=$(kamal secrets --adapter 1password --from Vault/Item Section1/KAMAL_REGISTRY_PASSWORD Section2/RAILS_MASTER_KEY) | ||
# KAMAL_REGISTRY_PASSWORD=$(kamal secrets extract KAMAL_REGISTRY_PASSWORD ${SECRETS}) | ||
# RAILS_MASTER_KEY=$(kamal secrets extract RAILS_MASTER_KEY ${SECRETS}) | ||
# WARNING: Avoid adding secrets directly to this file | ||
# If you must, then add `.kamal/secrets*` to your .gitignore file | ||
|
||
KAMAL_REGISTRY_PASSWORD=change-this | ||
RAILS_MASTER_KEY=another-env | ||
# Option 1: Read secrets from the environment | ||
KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD | ||
|
||
# Option 2: Read secrets via a command | ||
# RAILS_MASTER_KEY=$(cat config/master.key) | ||
|
||
# Option 3: Read secrets via kamal secrets helpers | ||
# These will handle logging in and fetching the secrets in as few calls as possible | ||
# There are adapters for 1Password, LastPass + Bitwarden | ||
# | ||
# SECRETS=$(kamal secrets fetch --adapter 1password --account my-account --from MyVault/MyItem KAMAL_REGISTRY_PASSWORD RAILS_MASTER_KEY) | ||
# KAMAL_REGISTRY_PASSWORD=$(kamal secrets extract KAMAL_REGISTRY_PASSWORD $SECRETS) | ||
# RAILS_MASTER_KEY=$(kamal secrets extract RAILS_MASTER_KEY $SECRETS) |
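Review bot: With the placeholder `RAILS_MASTER_KEY=another-env` gone, the only assignments of RAILS_MASTER_KEY left in the file are the commented-out ones under Option 2 and Option 3, so the template as written defines just KAMAL_REGISTRY_PASSWORD. Either leave one RAILS_MASTER_KEY line active or add a sentence under the WARNING telling the reader to uncomment exactly one option per secret. Two smaller points on the same lines: Option 2 reads `config/master.key`, and the `.gitignore` advice in the WARNING covers only `.kamal/secrets*`, so a short comment that the key file itself must stay out of git would fit there; and Option 1 gives no hint of what the reader should expect when `$KAMAL_REGISTRY_PASSWORD` is not set in the environment, which is worth a one-line comment.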