20 lines
1.1 KiB
Text
20 lines
1.1 KiB
Text
# Secrets defined here are available for reference under registry/password, env/secret, builder/secrets,
|
|
# and accessories/*/env/secret in config/deploy.yml. All secrets should be pulled from either
|
|
# password manager, ENV, or a file. DO NOT ENTER RAW CREDENTIALS HERE! This file needs to be safe for git.
|
|
|
|
# Example of extracting secrets from 1password (or another compatible pw manager)
|
|
# SECRETS=$(kamal secrets fetch --adapter 1password --account your-account --from Vault/Item KAMAL_REGISTRY_PASSWORD RAILS_MASTER_KEY)
|
|
# KAMAL_REGISTRY_PASSWORD=$(kamal secrets extract KAMAL_REGISTRY_PASSWORD ${SECRETS})
|
|
# RAILS_MASTER_KEY=$(kamal secrets extract RAILS_MASTER_KEY ${SECRETS})
|
|
|
|
# Example of extracting secrets from Rails credentials
|
|
# KAMAL_REGISTRY_PASSWORD=$(rails credentials:fetch kamal.registry_password)
|
|
|
|
# Use a GITHUB_TOKEN if private repositories are needed for the image
|
|
# GITHUB_TOKEN=$(gh config get -h github.com oauth_token)
|
|
|
|
# Grab the registry password from ENV
|
|
# KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
|
|
|
|
# Improve security by using a password manager. Never check config/master.key into git!
|
|
RAILS_MASTER_KEY=$(cat config/master.key)
|