diff --git a/README.md b/README.md index a21bf302..db33a09d 100644 --- a/README.md +++ b/README.md @@ -80,6 +80,8 @@ DB_PASSWORD=secret123 ### Using a generated .env file +#### 1password as a secret store + If you're using a centralized secret store, like 1Password, you can create `.env.erb` as a template which looks up the secrets. Example of a .env.erb file: ```erb @@ -95,6 +97,52 @@ This template can safely be checked into git. Then everyone deploying the app ca If you need separate env variables for different destinations, you can set them with `.env.destination.erb` for the template, which will generate `.env.staging` when run with `mrsk envify -d staging`. +#### bitwarden as a secret store + +If you are using open source secret store like bitwarden, you can create `.env.erb` as a template which looks up the secrets. + +You can store `SOME_SECRET` in a secure note in bitwarden vault. + +``` +$ bw list items --search SOME_SECRET | jq +? Master password: [hidden] + +[ + { + "object": "item", + "id": "123123123-1232-4224-222f-234234234234", + "organizationId": null, + "folderId": null, + "type": 2, + "reprompt": 0, + "name": "SOME_SECRET", + "notes": "yyy", + "favorite": false, + "secureNote": { + "type": 0 + }, + "collectionIds": [], + "revisionDate": "2023-02-28T23:54:47.868Z", + "creationDate": "2022-11-07T03:16:05.828Z", + "deletedDate": null + } +] +``` + +and extract the `id` of `SOME_SECRET` from the `json` above and use in the `erb` below. + + +Example `.env.erb` file: + +```erb +<% if (session_token=`bw unlock --raw`.strip) != "" %># Generated by mrsk envify +SOME_SECRET=<%= `bw get notes 123123123-1232-4224-222f-234234234234 --session #{session_token}` %> +<% else raise ArgumentError, "session_token token missing" end %> +``` + +Then everyone deploying the app can run `mrsk envify` and mrsk will generate `.env` + + ### Using another registry than Docker Hub The default registry is Docker Hub, but you can change it using `registry/server`:
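Review bot: In the first hunk (`@@ -80,6 +80,8 @@`), the added heading `#### 1password as a secret store` spells the product in lowercase while the paragraph directly under it writes `1Password`. Use `#### 1Password as a secret store` so the heading matches the prose it introduces.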
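Review bot: In the second hunk (`@@ -95,6 +97,52 @@`), the `.env.erb` example passes the unlocked session key as `--session #{session_token}`, which puts it on the `bw` command line where it can be read from the process list by other users on the machine, and interpolates it into a shell string unescaped. The Bitwarden CLI also reads the session key from the `BW_SESSION` environment variable, so the template can set `ENV["BW_SESSION"] = session_token` once and call `bw get notes <id>` without the flag. The result of `bw get notes` is not checked either: if that command fails, the template writes an empty `SOME_SECRET=` into `.env` without any error, so test `$?.success?` after the call and raise, as the template already does when the session token is empty. Smaller points in the same hunk: the error text `"session_token token missing"` repeats "token"; the sentence "If you are using open source secret store like bitwarden" should read "an open source secret store like Bitwarden", with the same capitalization in the `#### bitwarden as a secret store` heading; and the `bw list items` transcript fence has no language tag while the template fence uses `erb`.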