From 18eac8b5e092ef55917fd518fd8f6f529ffe1d81 Mon Sep 17 00:00:00 2001 From: decentral1se Date: Fri, 28 May 2021 11:17:49 +0200 Subject: [PATCH] Get secrets laid out --- .env.sample | 7 +++++-- compose.yml | 24 +++++++++++++++++------- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/.env.sample b/.env.sample index 92c490c..c64c626 100644 --- a/.env.sample +++ b/.env.sample @@ -73,8 +73,11 @@ ES_ENABLED=false # Secrets # ======= -SECRET_KEY_BASE= -OTP_SECRET= +SECRET_KEY_BASE_VERSION=v1 +SECRET_OTP_SECRET_VERSION=v1 +SECRET_VAPID_PRIVATE_KEY_VERSION=v1 +SECRET_DB_PASSWORD_VERSION=v1 +SECRET_SMTP_PASSWORD_VERSION=v1 # Web Push # ======== diff --git a/compose.yml b/compose.yml index 1498a03..c11780e 100644 --- a/compose.yml +++ b/compose.yml @@ -203,13 +203,23 @@ services: volumes: *appVolume environment: *env -# secrets: -# secret_key_base: -# name: ${STACK_NAME}_secret_key_base_${SECRET_DB_PASSWORD_VERSION} -# external: true -# otp_secret: -# name: ${STACK_NAME}_otp_secret_${SECRET_DB_ROOT_PASSWORD_VERSION} -# external: true +secrets: + secret_key_base: + name: ${STACK_NAME}_secret_key_base_${SECRET_KEY_BASE_VERSION} + external: true + otp_secret: + name: ${STACK_NAME}_otp_secret_${SECRET_OTP_SECRET_VERSION} + external: true + vapid_private_key: + name: ${STACK_NAME}_vapid_private_key_${SECRET_VAPID_PRIVATE_KEY_VERSION} + external: true + db_password: + name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} + external: true + smtp_password: + name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION} + external: true + volumes: app: redis: