Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Store secret environment variables #5

Closed
JorritSalverda opened this issue Aug 20, 2017 · 1 comment
Closed

Store secret environment variables #5

JorritSalverda opened this issue Aug 20, 2017 · 1 comment
Labels
enhancement

Comments

@JorritSalverda
Copy link
Collaborator

In order to push containers to registries, deploy containers to any environment, etc a secret is usually required.

To benefit from version controlling the secrets it would be nice to store them encrypted in plain sight in the manifest, but storing them in a database could be an easier alternative.
@JorritSalverda JorritSalverda added this to the Ready to replace go.cd for simple build & deployments milestone Aug 20, 2017
@JorritSalverda JorritSalverda mentioned this issue Aug 20, 2017
Closed
@JorritSalverda
Copy link
Collaborator Author

Encrypted secrets can be added to the .estafette.yaml manifest. They're encrypted using AES-256 encryption and then base64 url encoded. The nonce is prefixing the string and separated with a dot, similar to how bcrypt adds the salt. The entire string is then wrapped in estafette.secret(<nonce>.<encrypted string>) and can be used for any environment variable, like this:

    env:
      DOCKER_HUB_USERNAME: estafette.secret(...)

Generating the encrypted string can be done via Slack integration with Slash command /estafette encrypt <unencrypted secret string>.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@JorritSalverda