Secrets should be interpolated at runtime so we do want the file in git. But add a warning at the top to avoid adding secrets or git ignore the file if you do. Also provide examples of the three options for interpolating secrets.
17 lines
786 B
Plaintext
# WARNING: Avoid adding secrets directly to this file
# If you must, then add `.kamal/secrets*` to your .gitignore file
# Option 1: Read secrets from the environment
KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
# Option 2: Read secrets via a command
# RAILS_MASTER_KEY=$(cat config/master.key)
# Option 3: Read secrets via kamal secrets helpers
# These will handle logging in and fetching the secrets in as few calls as possible
# There are adapters for 1Password, LastPass + Bitwarden
#
# SECRETS=$(kamal secrets fetch --adapter 1password --account my-account --from MyVault/MyItem KAMAL_REGISTRY_PASSWORD RAILS_MASTER_KEY)
# KAMAL_REGISTRY_PASSWORD=$(kamal secrets extract KAMAL_REGISTRY_PASSWORD $SECRETS)
# RAILS_MASTER_KEY=$(kamal secrets extract RAILS_MASTER_KEY $SECRETS)
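Review bot: The Option 1 line `KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD` is the only uncommented entry in the template, and nothing nearby says the variable has to be exported in the shell or CI job that runs the deploy. A one-line comment above it stating that requirement would make a failed registry login easier to trace back to this file. In the same spirit, the Option 2 example reads `config/master.key`, so the header warning could mention that any file a command reads from must itself stay out of git, since the `.kamal/secrets*` ignore pattern suggested at the top does not cover it.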