Skip to content

Commit

Permalink
Use kavo -e option
Browse files Browse the repository at this point in the history
  • Loading branch information
@stefanoverna
stefanoverna committed Dec 23, 2024
1 parent 7e88892 commit 05656e2
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 26 deletions.
3 changes: 1 addition & 2 deletions .github/workflows/deploy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,8 @@ jobs:
- name: Deploy Application
env:
# this variable needs to NOT be called GITHUB_CONTAINER_REGISTRY_API_TOKEN
GCR_API_TOKEN: ${{ secrets.GCR_API_TOKEN }}
PRIVATE_KEY: ${{ secrets.KAVO_PRIVATE_KEY }}
run: |
sed -i -E -e 's/\-\-break 0/--wrap=0/g' -e '/^SECRETS=/d' -e 's/^GITHUB_CONTAINER_REGISTRY_API_TOKEN=.*$/GITHUB_CONTAINER_REGISTRY_API_TOKEN=$GCR_API_TOKEN/' .kamal/secrets.$KAMAL_DESTINATION
sed -i -E -e '/^SECRETS=/d' -e 's/^GITHUB_CONTAINER_REGISTRY_API_TOKEN=.*$/GITHUB_CONTAINER_REGISTRY_API_TOKEN=$GCR_API_TOKEN/' .kamal/secrets.$KAMAL_DESTINATION
kamal deploy -d $KAMAL_DESTINATION
22 changes: 10 additions & 12 deletions .kamal/secrets.production
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,13 @@
KAVO_SECRETS=$(npx kavo files:decrypt .env.production -o | base64 --break 0)

DATOCMS_API_TOKEN=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^DATOCMS_API_TOKEN=//p')
FASTLY_KEY=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^FASTLY_KEY=//p')
FASTLY_SERVICE_ID=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^FASTLY_SERVICE_ID=//p')
MAILERLITE_TOKEN=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^MAILERLITE_TOKEN=//p')
PIPEDRIVE_TOKEN=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^PIPEDRIVE_TOKEN=//p')
RECAPTCHA_KEY=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^RECAPTCHA_KEY=//p')
RECAPTCHA_SECRET_KEY=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^RECAPTCHA_SECRET_KEY=//p')
ROLLBAR_TOKEN=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^ROLLBAR_TOKEN=//p')
SECRET_API_TOKEN=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^SECRET_API_TOKEN=//p')
SLACK_TOKEN=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^SLACK_TOKEN=//p')
DATOCMS_API_TOKEN=$(npx kavo files:decrypt .env.production -e DATOCMS_API_TOKEN)
FASTLY_KEY=$(npx kavo files:decrypt .env.production -e FASTLY_KEY)
FASTLY_SERVICE_ID=$(npx kavo files:decrypt .env.production -e FASTLY_SERVICE_ID)
MAILERLITE_TOKEN=$(npx kavo files:decrypt .env.production -e MAILERLITE_TOKEN)
PIPEDRIVE_TOKEN=$(npx kavo files:decrypt .env.production -e PIPEDRIVE_TOKEN)
RECAPTCHA_KEY=$(npx kavo files:decrypt .env.production -e RECAPTCHA_KEY)
RECAPTCHA_SECRET_KEY=$(npx kavo files:decrypt .env.production -e RECAPTCHA_SECRET_KEY)
ROLLBAR_TOKEN=$(npx kavo files:decrypt .env.production -e ROLLBAR_TOKEN)
SECRET_API_TOKEN=$(npx kavo files:decrypt .env.production -e SECRET_API_TOKEN)
SLACK_TOKEN=$(npx kavo files:decrypt .env.production -e SLACK_TOKEN)

SECRETS=$(kamal secrets fetch --adapter bitwarden --account [email protected] GITHUB_CONTAINER_REGISTRY_API_TOKEN)
GITHUB_CONTAINER_REGISTRY_API_TOKEN=$(kamal secrets extract GITHUB_CONTAINER_REGISTRY_API_TOKEN $SECRETS)
22 changes: 10 additions & 12 deletions .kamal/secrets.staging
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,13 @@
KAVO_SECRETS=$(npx kavo files:decrypt .env.staging -o | base64 --break 0)

DATOCMS_API_TOKEN=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^DATOCMS_API_TOKEN=//p')
FASTLY_KEY=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^FASTLY_KEY=//p')
FASTLY_SERVICE_ID=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^FASTLY_SERVICE_ID=//p')
MAILERLITE_TOKEN=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^MAILERLITE_TOKEN=//p')
PIPEDRIVE_TOKEN=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^PIPEDRIVE_TOKEN=//p')
RECAPTCHA_KEY=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^RECAPTCHA_KEY=//p')
RECAPTCHA_SECRET_KEY=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^RECAPTCHA_SECRET_KEY=//p')
ROLLBAR_TOKEN=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^ROLLBAR_TOKEN=//p')
SECRET_API_TOKEN=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^SECRET_API_TOKEN=//p')
SLACK_TOKEN=$(echo $KAVO_SECRETS | base64 --decode | sed -n 's/^SLACK_TOKEN=//p')
DATOCMS_API_TOKEN=$(npx kavo files:decrypt .env.staging -e DATOCMS_API_TOKEN)
FASTLY_KEY=$(npx kavo files:decrypt .env.staging -e FASTLY_KEY)
FASTLY_SERVICE_ID=$(npx kavo files:decrypt .env.staging -e FASTLY_SERVICE_ID)
MAILERLITE_TOKEN=$(npx kavo files:decrypt .env.staging -e MAILERLITE_TOKEN)
PIPEDRIVE_TOKEN=$(npx kavo files:decrypt .env.staging -e PIPEDRIVE_TOKEN)
RECAPTCHA_KEY=$(npx kavo files:decrypt .env.staging -e RECAPTCHA_KEY)
RECAPTCHA_SECRET_KEY=$(npx kavo files:decrypt .env.staging -e RECAPTCHA_SECRET_KEY)
ROLLBAR_TOKEN=$(npx kavo files:decrypt .env.staging -e ROLLBAR_TOKEN)
SECRET_API_TOKEN=$(npx kavo files:decrypt .env.staging -e SECRET_API_TOKEN)
SLACK_TOKEN=$(npx kavo files:decrypt .env.staging -e SLACK_TOKEN)

SECRETS=$(kamal secrets fetch --adapter bitwarden --account [email protected] GITHUB_CONTAINER_REGISTRY_API_TOKEN)
GITHUB_CONTAINER_REGISTRY_API_TOKEN=$(kamal secrets extract GITHUB_CONTAINER_REGISTRY_API_TOKEN $SECRETS)

0 comments on commit 05656e2

Please sign in to comment.