forked from toolshed/docs.coopcloud.tech
		
	helpful pointers for secrets/configs
		| @ -66,6 +66,8 @@ configs: | |||||||
|     template_driver: golang |     template_driver: golang | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | Because configurations are maintained in-repository by maintainers, we version them ourselves. This means that configs changes are seamless to operators unless they cause breaking changes which should be signalled in the new version and release notes. This is in distinction to secrets, which are managed by the operators. For example, operators may need to rotate secrets on a running deployment and should be able to do so at any time. We put the versions in the [`abra.sh`](/maintainers/handbook/#abrash) file. | ||||||
|  |  | ||||||
| ```bash | ```bash | ||||||
| # abra.sh | # abra.sh | ||||||
| export NGINX_CONFIG_VERSION=v1 | export NGINX_CONFIG_VERSION=v1 | ||||||
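Review bot: The closing sentence of the added paragraph, "We put the versions in the `abra.sh` file", is ambiguous because it follows two sentences about secrets, so a reader can take "the versions" to mean secret versions. Move it directly after "we version them ourselves" or write "the config versions". The paragraph also never says when a maintainer has to bump a value such as `NGINX_CONFIG_VERSION`; one sentence on that would make "we version them ourselves" actionable. Minor: "configs changes" should be "config changes".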
| @ -119,6 +121,8 @@ secrets: | |||||||
|     name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} |     name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION} | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
|  | Operators manage the secret versions themselves. So we provide a version hook in the environment variables which they control. This allows operators to deal with things like secret rotation without having to rely on recipe maintainers. | ||||||
|  |  | ||||||
| ```bash | ```bash | ||||||
| # .env.sample | # .env.sample | ||||||
| SECRET_DB_PASSWORD_VERSION=v1 | SECRET_DB_PASSWORD_VERSION=v1 | ||||||
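Review bot: The added paragraph refers to "a version hook in the environment variables" without naming it, so the reader has to infer that it means `SECRET_DB_PASSWORD_VERSION` from the `.env.sample` block below and the `name:` line above. Name the variable in the sentence and say that it is interpolated into the secret name, since that is what lets an operator rotate a secret without a recipe change. Style: "themselves. So we provide" reads better joined as "themselves, so we provide".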
| @ -134,7 +138,9 @@ configs: | |||||||
|     template_driver: golang |     template_driver: golang | ||||||
| ``` | ``` | ||||||
|  |  | ||||||
| Don't forget the `template_driver: golang`, it won't work otherwise. Then you can use the following syntax to access the secret: | Don't forget the `template_driver: golang`, it won't work otherwise. | ||||||
|  |  | ||||||
|  | Then you can use the following syntax to access the secret: | ||||||
|  |  | ||||||
| ```go | ```go | ||||||
| # someconfig.conf | # someconfig.conf | ||||||
|  | |||||||
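Review bot: Now that "Don't forget the `template_driver: golang`, it won't work otherwise." stands as its own paragraph, "it won't work" is too vague to help someone debugging a broken config. State what fails when the key is missing, and fix the comma splice while the line is being touched, for example "Don't forget `template_driver: golang`; without it ...". The split from "Then you can use the following syntax to access the secret:" is fine as is.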