# Application + database secrets — TEMPLATES.
#
# Do NOT apply these files directly. Secret values are created
# imperatively so passwords and session keys never land in git.
# Two Secrets are created at deploy time. Run both commands in the same
# shell session: the second one reuses $DB_PASSWORD set for the first.
#
# `--from-literal` puts the value on the kubectl command line, where it is
# visible in the process list while the command runs; `--from-file` or
# `--from-env-file` avoids that if other users share the host.
#
# ---------- guildhall-db-credentials ----------
# Consumed by the guildhall-postgres Deployment (for its own env). The
# same password is also needed to construct DATABASE_URL in
# guildhall-app-secrets.
#
#   DB_PASSWORD="$(openssl rand -base64 32 | tr -d '/+=' | head -c 32)"
#
#   kubectl create secret generic guildhall-db-credentials \
#     --from-literal=POSTGRES_DB=guildhall \
#     --from-literal=POSTGRES_USER=guildhall \
#     --from-literal=POSTGRES_PASSWORD="$DB_PASSWORD" \
#     --namespace=guildhall
#
# The password is interpolated unescaped into DATABASE_URL below, so it
# must stay alphanumeric; `tr -d '/+='` removes the only non-alphanumeric
# characters base64 can emit.
#
# Shape (values under `data:` are base64-encoded, not encrypted):
#
#   apiVersion: v1
#   kind: Secret
#   metadata:
#     name: guildhall-db-credentials
#     namespace: guildhall
#   type: Opaque
#   data:
#     POSTGRES_DB: [base64 of "guildhall"]
#     POSTGRES_USER: [base64 of "guildhall"]
#     POSTGRES_PASSWORD: [base64 of the generated DB_PASSWORD]
#
# ---------- guildhall-app-secrets ----------
# Consumed by the guildhall Deployment and migration Job. Contains the
# Phoenix session signing key and the DATABASE_URL used by Ecto at
# runtime.
#
#   SECRET_KEY_BASE="$(cd /home/tking/projects/substrate-project/guildhall && mix phx.gen.secret)"
#
#   kubectl create secret generic guildhall-app-secrets \
#     --from-literal=SECRET_KEY_BASE="$SECRET_KEY_BASE" \
#     --from-literal=DATABASE_URL="ecto://guildhall:$DB_PASSWORD@guildhall-postgres:5432/guildhall" \
#     --namespace=guildhall
#
# Note: `ecto://` scheme, not `postgres://` — `config/runtime.exs`
# invokes Ecto.Repo's built-in URL parser which accepts either, but
# `ecto://` is the canonical form in Phoenix-generated config.
#
# Shape (values under `data:` are base64-encoded, not encrypted):
#
#   apiVersion: v1
#   kind: Secret
#   metadata:
#     name: guildhall-app-secrets
#     namespace: guildhall
#   type: Opaque
#   data:
#     SECRET_KEY_BASE: [base64 of the generated SECRET_KEY_BASE]
#     DATABASE_URL: [base64 of "ecto://guildhall:DB_PASSWORD@guildhall-postgres:5432/guildhall"]