spacebar/kamal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add secret envs

Browse Source
This commit is contained in:
David Heinemeier Hansson
2023-01-21 10:56:24 +01:00
parent 3bf56c2fdb
commit f6ca864e06
4 changed files with 53 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
README.md
View File

@@ -75,6 +75,25 @@ env:
REDIS_URL: redis://redis1:6379/1
```
### Adding secret custom env variables
If you have custom env variables that are secret, you can divide the `env` block into `clear` and `secret`:
```yaml
env:
clear:
DATABASE_URL: mysql2://db1/hey_production/
REDIS_URL: redis://redis1:6379/1
secret:
- DATABASE_PASSWORD
- REDIS_PASSWORD
```
The list of secret env variables will be expanded at run time from your local machine. So a reference to a secret `DATABASE_PASSWORD` will look for `ENV["DATABASE_PASSWORD"]` on the machine running MRSK. Just like with build secrets.
Note: Marking an ENV as secret currently only redacts its value in the output for MRSK. The ENV is still injected in the clear into the container at runtime.
### Splitting servers into different roles
If your application uses separate hosts for running jobs or other roles beyond the default web running, you can specify these hosts and their custom entrypoint command like so: