From f7b0b9ac928127fe7d2f961a35bc3de0d379982b Mon Sep 17 00:00:00 2001 From: Nilesh Londhe Date: Tue, 28 Feb 2023 17:22:11 -0800 Subject: [PATCH 1/2] add bitwarden erb for mrsk envify add bitwarden erb for mrsk envify --- README.md | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/README.md b/README.md index b16cd3f7..e7c25478 100644 --- a/README.md +++ b/README.md @@ -78,6 +78,8 @@ DB_PASSWORD=secret123 ### Using a generated .env file +#### 1password as a secret store + If you're using a centralized secret store, like 1Password, you can create `.env.erb` as a template which looks up the secrets. Example of a .env.erb file: ```erb 
@@ -93,6 +95,52 @@ This template can safely be checked into git. Then everyone deploying the app ca If you need separate env variables for different destinations, you can set them with `.env.destination.erb` for the template, which will generate `.env.staging` when run with `mrsk envify -d staging`. +#### 1password as a secret store + +If you are using open source secret store like bitwarden, you can create `.env.erb` as a template which looks up the secrets. + +You can store `SOME_SECRET` in a secure note in bitwarden vault. + +``` +$ bw list items --search SOME_SECRET | jq +? Master password: [hidden] + +[ + { + "object": "item", + "id": "123123123-1232-4224-222f-234234234234", + "organizationId": null, + "folderId": null, + "type": 2, + "reprompt": 0, + "name": "SOME_SECRET", + "notes": "yyy", + "favorite": false, + "secureNote": { + "type": 0 + }, + "collectionIds": [], + "revisionDate": "2023-02-28T23:54:47.868Z", + "creationDate": "2022-11-07T03:16:05.828Z", + "deletedDate": null + } +] +``` + +and extract the `id` of `SOME_SECRET` from the `json` above and use in the `erb` below. + + +Example `.env.erb` file: + +```erb +<% if (session_token=`bw unlock --raw`.strip) != "" %># Generated by mrsk envify +SOME_SECRET=<%= `bw get notes 123123123-1232-4224-222f-234234234234 --session #{session_token}` %> +<% else raise ArgumentError, "session_token token missing" end %> +``` + +Then everyone deploying the app can run `mrsk envify` and mrsk will generate `.env` + + ### Using another registry than Docker Hub The default registry is Docker Hub, but you can change it using `registry/server`: From fa7b560d50c009410313fc173641561a8a2a3807 Mon Sep 17 00:00:00 2001 From: Nilesh Londhe Date: Tue, 28 Feb 2023 17:24:05 -0800 Subject: [PATCH 2/2] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e7c25478..bbed5d38 100644 --- a/README.md +++ b/README.md 
@@ -95,7 +95,7 @@ This template can safely be checked into git. Then everyone deploying the app ca If you need separate env variables for different destinations, you can set them with `.env.destination.erb` for the template, which will generate `.env.staging` when run with `mrsk envify -d staging`. -#### 1password as a secret store +#### bitwarden as a secret store If you are using open source secret store like bitwarden, you can create `.env.erb` as a template which looks up the secrets.
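Review bot: In the second hunk of patch 1/2, the template passes the unlocked session key on the command line (`--session #{session_token}` inside the backticks), so it is interpolated into a shell string and appears in the argument list of the `bw get notes` process for as long as that process runs. The Bitwarden CLI also reads the session key from the `BW_SESSION` environment variable, so the example could set `ENV["BW_SESSION"] = session_token` once after `bw unlock --raw` and call `bw get notes <id>` without the flag. In the same line, the result of `bw get notes` is written out unchecked: if the lookup fails, the backticks return an empty string and `.env` gets `SOME_SECRET=` with no error. Consider checking `$?.success?` (or raising on an empty value) and calling `.strip` on the output so the trailing newline does not end up in the file. The error text "session_token token missing" also repeats "token".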
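Review bot: In the first hunk of patch 1/2 (`@@ -78,6 +78,8 @@`), the new heading spells the product "1password" while the paragraph directly below it uses "1Password"; the heading should match. The same applies to "bitwarden" in the second hunk's prose, which the vendor writes as "Bitwarden", and "open source secret store" there is missing its article ("an open source secret store").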
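Review bot: Patch 2/2 only renames the heading `#### 1password as a secret store`, which patch 1/2 added above the Bitwarden text by mistake, so the series leaves an intermediate README with two identical "1password" headings. Squash this one-line change into 1/2 and give the combined commit a single subject line; the message of 1/2 currently repeats "add bitwarden erb for mrsk envify" in both subject and body, and "Update README.md" does not say what changed.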