Comments
-
@heyheni How can I manage credentials in a tiny project running on a single grossly underpowered host, in Docker Compose?
-
sariel84473y
https://git-secret.io/
You can also use AWS Parameter Store and the AWS CLI if you want to build your own.
Still highly recommend git secret though.
You should also use git BFG to sanitize your history afterwards.
-
We use HashiCorp Vault and inject secrets on build. May not work in this scenario, but thought I’d throw it out there.
-
GitHub has secrets, which I assumed, I think, that you would use for GitHub Actions. So basically to use them fully, you are supposed to learn CI/CD pipeline to build stage step.
I just went lazier for now... I keep my secret envs... in secrets private repo.
-
ezpz7453y
Store them in an encrypted file that you commit. Decrypt to a .env file that is ignored by git. Developers will need the decryption key to publish the app. That's how I handle it, anyway.
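
One way to implement the encrypted-file workflow described in the comment above, as an added example that is not part of the thread or any commenter's own code. It assumes the `openssl` CLI (1.1.1 or later); the file name `.env.enc`, the key-file argument and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: commit .env.enc, keep .env untracked.
# File names and function names are assumptions, not from the thread.
ENC_FILE=".env.enc"   # encrypted copy, safe to commit
PLAIN_FILE=".env"     # plaintext, must be listed in .gitignore

# Refuse to continue unless .gitignore excludes the plaintext file.
ignore_guard() {
    grep -qxF "$PLAIN_FILE" .gitignore 2>/dev/null && return 0
    echo "$PLAIN_FILE is not listed in .gitignore" >&2
    return 1
}

# Encrypt .env into .env.enc. $1 is a file holding the passphrase, stored
# outside the repo, so the passphrase never appears in argv or shell history.
seal_env() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo "key file not readable" >&2; return 2; }
    # AES-256-CBC gives confidentiality only; it does not authenticate
    # the ciphertext, so rely on git review for detecting tampering.
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -in "$PLAIN_FILE" -out "$ENC_FILE" -pass "file:$keyfile"
}

# Decrypt .env.enc into .env with owner-only permissions. The output is
# written to a temporary file first so a failed decrypt leaves no partial .env.
open_env() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo "key file not readable" >&2; return 2; }
    tmp="$PLAIN_FILE.tmp.$$"
    ( umask 077
      openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
          -in "$ENC_FILE" -out "$tmp" -pass "file:$keyfile" ) 2>/dev/null \
      || { rm -f "$tmp"; echo "decryption failed" >&2; return 1; }
    mv "$tmp" "$PLAIN_FILE"
}
```

On the host, run `ignore_guard && open_env /path/to/keyfile` before `docker compose up`, with the key file copied over out of band rather than through the repository.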
Related Rants
I decided to use Docker Compose on a tiny project that essentially consists of an API and a Caddy server that serves static files and proxies to the API, all of this running on an EC2 t1-nano. I made this admittedly odd choice because I wanted to learn Compose and simultaneously forego figuring out why the node-gyp bindings for sqlite3 refuse to build on EC2 even though it builds just fine on my machine.
I am storing secrets in .env which is committed into the private GH repo. Just now I came across a rant that described the same security practice and it sounded pretty bad from an outside perspective so I decided to research alternatives.
Apparently professional methods for storing secrets generally have higher system requirements than a t1-nano. I'm not looking for a complex service orchestration system, I'm not trying to run an enterprise on this poor little cloud-based raspberry pi. I just want to move my secrets out of the Git repo.
Any tips?
rant
amazon ec2.
secrets
git
docker compose