Use 1P CLI for secrets

dansahagian · Aug 19, 2024 · 3cc30a9 · 3cc30a9
1 parent b23f28d
commit 3cc30a9
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 36 deletions.
diff --git a/.env.template b/.env.template
diff --git a/.gitignore b/.gitignore
@@ -3,7 +3,6 @@ __pycache__
 .idea/
 
 .env
-.env.prod
 
 venv
 .venv

diff --git a/bin/deploy b/bin/deploy
@@ -25,8 +25,10 @@ rsync -a ./fbsurvivor dan@linode:/opt/fbsurvivor
 rsync -a ./requirements dan@linode:/opt/fbsurvivor
 rsync -a ./manage.py dan@linode:/opt/fbsurvivor
 rsync -a ./bin dan@linode:/opt/fbsurvivor
-rsync -a ./.env.prod dan@linode:/opt/fbsurvivor/.env
+rsync -a ./prod.env dan@linode:/opt/fbsurvivor/prod.env
 
-ssh linode "/opt/fbsurvivor/bin/deploy_on_server"
+ssh linode /opt/fbsurvivor/bin/deploy_on_server $OP_SERVICE_ACCOUNT_TOKEN
+
+sleep 2
 
 curl -X GET -I https://fbsurvivor.com
diff --git a/bin/deploy_on_server b/bin/deploy_on_server
@@ -8,13 +8,12 @@ cd /opt/fbsurvivor
 echo "\nStopping services...\n"
 sudo systemctl stop wsgi-server-fbsurvivor.service
 
-.venv/bin/python manage.py migrate
-.venv/bin/python manage.py collectstatic --no-input
-.venv/bin/python manage.py check --deploy
+export OP_SERVICE_ACCOUNT_TOKEN="$1"
+export ENV=prod
+
+op run --env-file="./prod.env" -- .venv/bin/python manage.py migrate
+op run --env-file="./prod.env" -- .venv/bin/python manage.py collectstatic --no-input
+op run --env-file="./prod.env" -- .venv/bin/python manage.py check --deploy
 
 echo "\nStarting services...\n"
 sudo systemctl start wsgi-server-fbsurvivor.service
-
-sleep 2
-
-rm .env
diff --git a/fbsurvivor/settings.py b/fbsurvivor/settings.py
@@ -138,7 +138,7 @@
 SMTP_SENDER = config("SMTP_SENDER", "")
 SMTP_USER = config("SMTP_USER", "")
 SMTP_PASSWORD = config("SMTP_PASSWORD", "")
-SMTP_PORT = config("SMTP_PORT", "")
+SMTP_PORT = config("SMTP_PORT", 465)
 
 if ENV == "dev":
     DEBUG = True

diff --git a/prod.env b/prod.env
@@ -0,0 +1,17 @@
+DOMAIN="op://fbsurvivor/prod/domain"
+SECRET_KEY="op://fbsurvivor/prod/secret_key"
+
+CONTACT="op://fbsurvivor/prod/smtp_sender"
+VENMO="op://fbsurvivor/prod/venmo"
+
+PGHOST="op://fbsurvivor/prod/pghost"
+PGDATABASE="op://fbsurvivor/prod/pgdatabase"
+PGUSER="op://fbsurvivor/prod/pguser"
+PGPASSWORD="op://fbsurvivor/prod/pgpassword"
+
+SMTP_SERVER="op://fbsurvivor/prod/smtp_server"
+SMTP_SENDER="op://fbsurvivor/prod/smtp_sender"
+SMTP_USER="op://fbsurvivor/prod/smtp_user"
+SMTP_PASSWORD="op://fbsurvivor/prod/smtp_password"
+
+SENTRY_DSN="op://fbsurvivor/prod/sentry_dsn"