Secret auto-generation grep pattern doesn't match arbitrary naming #32
Reference: coop-cloud/abra#32
For foodsoft app, I ran the pattern when I didn't get anything auto-generated:
But I have:
Culture war over PASSWD/PASSWORD aside (😹) it seems like the `SECRET_KEY_BASE_VERSION` would always be left out. I think we need to extend this logic. Anything with a line ending of `=v1`? Maybe too brittle...

Oh darn, that would also include the configs too. Woops.

Time for https://mikefarah.gitbook.io/yq/?

Yep, also e.g. `MEDIAWIKI_SECRET_KEY_VERSION`.

My plan was to make sure all the env vars had `SECRET` in the name, then change the `grep` call to `SECRET.*VERSION`... but then we'd still be missing the instructions on how to generate each kind of password.

Possibly `SECRET.*PASSWORD.*VERSION` uses `pwqgen` and `SECRET.*KEY.*VERSION` uses `pwgen -n 64 1`?

Or we just default to `pwgen..` for everything and lose semi-human-communicable passwords..

Also fine for a `yml` format to happen, still don't have momentum to solo that at present.

Ah, I meant, parsing the `compose*.yml` files for the secret names instead of the `.envrc.sample` files? As a way to grab the exact position by parsing and then do a transformation there.

Sounds good then actually! Just using some sort of naming convention like this. I actually need that `SECRET_KEY_BASE` thing to be 30 characters long, I think. I know also the Gitea secrets need to be a specific length. That seems hard to thread down to auto-generation... maybe with comments!? Haha.... uhhhhh, `=v1 # length: 30`?

Oh yeah that works -- guess same issue about length applies tho

Yeah this seems the good kind of evil, hopefully an easy migration to eventual yaml format, too.

`...=v1 # length=30` + `PASSWORD/KEY` distinction in generation! 🙉

Solved in #33.

Lots of bash hair pulling but I guess I am just learning.
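
The convention discussed in this thread (`SECRET.*VERSION` names, a PASSWORD/KEY split between `pwqgen` and `pwgen -n 64 1`, and an optional `# length=N` comment), as an added example; it is not abra's code and not the fix from #33. The `[export ]NAME=vN` line format, the sample variable names and the `pwgen` fallback for secrets that are neither PASSWORD nor KEY are assumptions.

```shell
#!/bin/sh
# Added example, not abra's code. Assumed line format (constructed):
#   [export ]NAME_VERSION=vN [# length=N]

# Constructed sample input in the style of an .envrc.sample file.
sample_env() {
    cat <<'EOF'
export DOMAIN=foodsoft.example.com
export DB_ENTRYPOINT_VERSION=v1
export SECRET_DB_PASSWORD_VERSION=v1
export SECRET_KEY_BASE_VERSION=v1 # length=30
export MEDIAWIKI_SECRET_KEY_VERSION=v2
export SECRET_SMTP_TOKEN_VERSION=v1
EOF
}

# Reads env lines on stdin; prints "NAME VERSION GENERATOR LENGTH" per secret.
plan_secrets() {
    # Only names containing SECRET and ending in _VERSION count, so config
    # versions such as DB_ENTRYPOINT_VERSION=v1 are skipped.
    grep -E '^(export +)?[A-Z0-9_]*SECRET[A-Z0-9_]*_VERSION=v[0-9]+' |
    sed -E 's/^export +//' |
    while IFS= read -r line; do
        name=${line%%=*}
        version=$(printf '%s\n' "$line" | sed -E 's/^[^=]*=(v[0-9]+).*/\1/')
        # Optional trailing comment: "# length=30" (or "# length: 30").
        length=$(printf '%s\n' "$line" |
            sed -n -E 's/.*#.*length[=:] *([0-9]+).*/\1/p')
        case $name in
            *SECRET*PASSWORD*) gen=pwqgen ;;                      # passphrase
            *SECRET*KEY*)      gen=pwgen; length=${length:-64} ;; # pwgen -n 64 1
            *)                 gen=pwgen ;;                       # assumed fallback
        esac
        printf '%s %s %s %s\n' "$name" "$version" "$gen" "${length:--}"
    done
}

sample_env | plan_secrets
```

A `-` in the last column means the line carried no length comment, so the generator's own default applies.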