TUTORIAL
1. Starting a new project2. Local development3. Version control4. Project management5. Remote environments6. Environment variables and secrets7. Databases and files8. Cloud services and Terraform9. full-stack-template specific details10. Production setup11. Running in production12. Creating a custom command13. Creating a custom plugin14. Creating a custom template15. Creating a zone16. Zone maintenance17. Zone monitoring18. Zone recoveryAPPENDIX A: Technology tutorialsAPPENDIX B: Software designAPPENDIX C: Modern server infrastructureAPPENDIX D: SecurityAPPENDIX E: Data protection and privacy (GDPR)

6. Environment variables and secrets

TODO describe:

  • docker-compose.yaml
  • scripts/helm.yaml
  • scripts/helm-ENV.yaml

6.1. Define an environment variable: same value for all environments

Add the variable to docker-compose.yaml for local development:

environment:
  MY_VARIABLE: my_value

Add the variable to scripts/helm.yaml:

env:
  MY_VARIABLE: my_value

6.2. Define an environment variable: different value for each environment

Add the variable to docker-compose.yaml for local development:

environment:
  MY_VARIABLE: my_value

Add default value for the variable to scripts/helm.yaml:

env:
  MY_VARIABLE: my_value

Add environment specific value to scripts/helm-ENV.yaml file for such environments that do not use the default value:

env:
  MY_VARIABLE: my_value

6.3. Deploy a configuration changes without rebuilding

Make configuration changes to scripts/helm*.yaml files on your local disk, and then deploy the changes directly to different environments with the following commands:

taito deployment deploy:dev
taito deployment deploy:test
taito deployment deploy:prod

6.4. Define a secret

Add secret definition to scripts/taito/project.sh. Avoid underscores in secret names as they are not valid in Kubernetes:

taito_secrets="
  ${taito_project}-${taito_env}-my-secret.key:manual
"

You can use the following methods in your secret definition:

  • random: Randomly generated string (30 characters).
  • random-N: Randomly generated string (N characters).
  • random-words: Randomly generated words (6 words).
  • random-words-N: Randomly generated words (N words).
  • random-uuid: Randomly generated UUID.
  • manual: Manually entered string (min 8 characters).
  • manual-N: Manually entered string (min N characters).
  • file: File. The file path is entered manually.
  • template-NAME: File generated from a template by substituting environment variables and secrets values.
  • htpasswd: htpasswd file that contains 1-N user credentials. User credentials are entered manually.
  • htpasswd-plain: htpasswd file that contains 1-N user credentials. Passwords are stored in plain text. User credentials are entered manually.
  • csrkey: Secret key generated for certificate signing request (CSR).

Add secret reference for Kubernetes service in helm.yaml:

  server:
    secrets:
      MY_SECRET_KEY: ${taito_project}-${taito_env}-my-secret.key

Add secret reference for Docker Compose service in docker-compose.yaml:

  my-app-server:
    secrets:
      - MY_SECRET_KEY

Define secret file location for Docker Compose at the end of docker-compose.yaml:

secrets:
  MY_SECRET_KEY:
    file: ./secrets/${taito_env}/${taito_project}-${taito_env}-my-secret.key

Set secret value for each environment:

taito secret rotate my-secret
taito secret rotate:dev my-secret
taito secret rotate:test my-secret
taito secret rotate:prod my-secret

6.5. User specific variables

taito-user-config.sh


Next: 7. Databases and files

1. Starting a new project
2. Local development
3. Version control
4. Project management
5. Remote environments
6. Environment variables and secrets
7. Databases and files
8. Cloud services and Terraform
9. full-stack-template specific details
10. Production setup
11. Running in production
12. Creating a custom command
13. Creating a custom plugin
14. Creating a custom template
15. Creating a zone
16. Zone maintenance
17. Zone monitoring
18. Zone recovery
APPENDIX A: Technology tutorials
APPENDIX B: Software design
APPENDIX C: Modern server infrastructure
APPENDIX D: Security
APPENDIX E: Data protection and privacy (GDPR)
Home
Docs
Tutorial
Plugins
Templates
Extensions