Figure out how to have less dependency on Vault. #88

Open
crankynetman opened this issue Nov 22, 2024 · 2 comments

Comments

@crankynetman
Collaborator

Right now, we have a lot of dependency on Vault for rendering secrets. We should consider how to make that not mandatory.

@crankynetman crankynetman converted this from a draft issue Nov 22, 2024
@samoehlert
Collaborator

samoehlert commented Nov 23, 2024

I wonder if we can do something like this:

env_file:
      - ${SECRETS_FILE:-/dev/null}

We could then add to our .env file:

SECRETS_FILE="/etc/vault.d/secrets/kv_root_security.env"

Meanwhile, anyone else using it could point it to a config file with secrets in it that they store elsewhere, or they could just not set it at all and find another way to inject the secrets (Docker secrets, environment variables directly in the file (if they want to monkeypatch), or another Secret Manager).

I'm also not sure if /dev/null would even work, or be smart. At first blush it makes sense to me, but we'd have to do some thinking and testing.
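
A variant of the idea in the comment above that does not depend on `/dev/null`, added here as an example and not taken from the project's own configuration: Docker Compose 2.24.0 and later accept a long-form `env_file` entry with `required: false`, which is skipped when the file is missing. The service name, image and the `./secrets.env` fallback path are placeholders.

```yaml
# Added example, not the project's own compose file.
# "app", the image and ./secrets.env are placeholders.
#
# A Vault-based deployment sets this in .env:
#   SECRETS_FILE="/etc/vault.d/secrets/kv_root_security.env"
# Other deployments point SECRETS_FILE at their own file, or leave it
# unset and inject secrets another way.
services:
  app:
    image: example/app:latest
    env_file:
      # Long form: Compose ignores this entry when the file does not
      # exist, so an unset SECRETS_FILE is not an error.
      - path: ${SECRETS_FILE:-./secrets.env}
        required: false
```

`docker compose config` renders the resolved service definition and can be used to check which file was picked up; its output includes the values read from the env file, so keep it out of shared logs.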

@crankynetman
Collaborator Author

I think slapping a variable on it is definitely the correct start, I like it!

crankynetman added a commit that referenced this issue Dec 10, 2024
This lets you run prod with a local postgres instance. We prolly need to
document the vault stuff, but I think that's better suited for #88 to
handle.

I *think* this MR is ready to rock, it's deployed and working on
`scram-pentest.ocean.cu-es.net` presently.
Projects
Status: In progress