diff options
| author | Marius Peter <marius.peter@tutanota.com> | 2024-12-29 15:14:43 +0100 |
|---|---|---|
| committer | Marius Peter <marius.peter@tutanota.com> | 2024-12-29 15:14:43 +0100 |
| commit | be2a93525069de2dfa3c23b0c23e7a9f7ad4c03d (patch) | |
| tree | b5493e9d35d024ce7be072ec2168b4a98ba0e63f /.kamal/secrets | |
First commit.
Diffstat (limited to '.kamal/secrets')
| -rw-r--r-- | .kamal/secrets | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/.kamal/secrets b/.kamal/secrets new file mode 100644 index 0000000..9a771a3 --- /dev/null +++ b/.kamal/secrets @@ -0,0 +1,17 @@ +# Secrets defined here are available for reference under registry/password, env/secret, builder/secrets, +# and accessories/*/env/secret in config/deploy.yml. All secrets should be pulled from either +# password manager, ENV, or a file. DO NOT ENTER RAW CREDENTIALS HERE! This file needs to be safe for git. + +# Example of extracting secrets from 1password (or another compatible pw manager) +# SECRETS=$(kamal secrets fetch --adapter 1password --account your-account --from Vault/Item KAMAL_REGISTRY_PASSWORD RAILS_MASTER_KEY) +# KAMAL_REGISTRY_PASSWORD=$(kamal secrets extract KAMAL_REGISTRY_PASSWORD ${SECRETS}) +# RAILS_MASTER_KEY=$(kamal secrets extract RAILS_MASTER_KEY ${SECRETS}) + +# Use a GITHUB_TOKEN if private repositories are needed for the image +# GITHUB_TOKEN=$(gh config get -h github.com oauth_token) + +# Grab the registry password from ENV +KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD + +# Improve security by using a password manager. Never check config/master.key into git! +RAILS_MASTER_KEY=$(cat config/master.key) |