Joey Hafner ca3b7d83a2 #110 Init Secrets.md

Update DDClient readme for new hostname

2023-12-15 11:48:44 -08:00

1.1 KiB

Raw Blame History

Secrets

Our repository contains as many configuration details as reasonable. But we must secure our secrets: passwords, API keys, encryption seeds, etc..

Docker Env Vars

We store our Docker env vars in a file named after the service. For example keycloak.env.
We separate our secrets from non-secret env vars by placing them in a file with a similar name, but with _secrets appended to the service name. For example keycloak_secrets.env. These files exist only on the host for which they are necessary, and must be created manually on the host.
Our repository .gitignore excludes all files matching *.secret, and *_secrets.env.

Note: This makes secrets very fragile. Accidental deletion or other data loss can destroy the secret permanently.

Generating Secrets

We use the password manager's generator to create secrets with the desired parameters, preferring the following parameters: - 64 characters - Capital letters, lowercase letters, numbers, and standard symbols (^*@#!&$%) If necessary, we will reduce characterset by cutting out symbols before reducing string length.

1.1 KiB Raw Blame History

Secrets

Docker Env Vars

Generating Secrets

1.1 KiB

Raw Blame History