stripe secrets sopelling
parent
a93ba8d8ec
commit
c1ddbee66a
8 changed files with 73 additions and 9 deletions
20
.github/workflows/stripe-to-invoice.yml
vendored
|
|
@ -113,7 +113,7 @@ jobs:
|
|||
--from-literal=DATABASE_URL="$DATABASE_URL" \
|
||||
--dry-run=client -o yaml | kubectl apply -f -
|
||||
|
||||
- name: Apply Stripe secrets
|
||||
- name: Apply Next env/secrets
|
||||
run: |
|
||||
set -e
|
||||
set -a
|
||||
|
|
@ -123,16 +123,30 @@ jobs:
|
|||
if [[ "$ENV" == "prod" ]]; then
|
||||
STRIPE_SECRET_KEY="$PROD_STRIPE_SECRET_KEY"
|
||||
STRIPE_CLIENT_ID="$PROD_STRIPE_CLIENT_ID"
|
||||
APP_URL=$PROD_APP_URL
|
||||
AWS_REGION=$PROD_AWS_REGION
|
||||
AWS_ACCESS_KEY_ID=$PROD_AWS_ACCESS_KEY_ID
|
||||
AWS_SECRET_ACCESS_KEY=$PROD_AWS_SECRET_ACCESS_KEY
|
||||
SES_FROM_EMAIL=$PROD_SES_FROM_EMAIL
|
||||
else
|
||||
STRIPE_SECRET_KEY="$DEV_STRIPE_SECRET_KEY"
|
||||
STRIPE_CLIENT_ID="$DEV_STRIPE_CLIENT_ID"
|
||||
APP_URL=$DEV_APP_URL
|
||||
AWS_REGION=$DEV_AWS_REGION
|
||||
AWS_ACCESS_KEY_ID=$DEV_AWS_ACCESS_KEY_ID
|
||||
AWS_SECRET_ACCESS_KEY=$DEV_AWS_SECRET_ACCESS_KEY
|
||||
SES_FROM_EMAIL=$DEV_SES_FROM_EMAIL
|
||||
fi
|
||||
|
||||
: "${STRIPE_SECRET_KEY:?missing STRIPE_SECRET_KEY}"
|
||||
: "${STRIPE_CLIENT_ID:?missing STRIPE_CLIENT_ID}"
|
||||
: "${NAMESPACE:?missing NAMESPACE}"
|
||||
: "${APP_URL:?missing APP_URL}"
|
||||
: "${AWS_REGION:?missing AWS_REGION}"
|
||||
: "${AWS_ACCESS_KEY_ID:?missing AWS_ACCESS_KEY_ID}"
|
||||
: "${AWS_SECRET_ACCESS_KEY:?missing AWS_SECRET_ACCESS_KEY}"
|
||||
: "${SES_FROM_EMAIL:?missing SES_FROM_EMAIL}"
|
||||
|
||||
export STRIPE_SECRET_KEY STRIPE_CLIENT_ID NAMESPACE
|
||||
export STRIPE_SECRET_KEY STRIPE_CLIENT_ID NAMESPACE APP_URL AWS_REGION AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY SES_FROM_EMAIL
|
||||
|
||||
envsubst < stripe_to_invoice/deployment/secrets/stripe-secrets.yaml \
|
||||
| kubectl apply -f -
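Review bot: The secret values reach the cluster as raw text pasted into YAML by `envsubst < stripe_to_invoice/deployment/secrets/stripe-secrets.yaml`, and that template's entries are unquoted (`AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}`), so a value containing `: ` or ` #`, starting with a YAML indicator, or parsing as a number or boolean either fails the apply or changes the manifest. The step just above this one already builds its secret with `--from-literal=… --dry-run=client -o yaml | kubectl apply -f -`, which handles the encoding; the same form would work here, assuming the template carries nothing beyond the name, namespace and these keys (its metadata is outside the visible hunk). Without a variable list, `envsubst` also replaces every `$NAME` it finds in the file, not only these eight. The `run:` script starts before this hunk, so where the `PROD_*`/`DEV_*` values are loaded from is not visible here.

```yaml
# … unchanged: prod/dev selection and the `: "${VAR:?missing VAR}"` guards …
kubectl create secret generic stripe-secrets \
  --namespace "$NAMESPACE" \
  --from-literal=STRIPE_SECRET_KEY="$STRIPE_SECRET_KEY" \
  --from-literal=STRIPE_CLIENT_ID="$STRIPE_CLIENT_ID" \
  --from-literal=APP_URL="$APP_URL" \
  --from-literal=AWS_REGION="$AWS_REGION" \
  --from-literal=AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
  --from-literal=AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
  --from-literal=SES_FROM_EMAIL="$SES_FROM_EMAIL" \
  --dry-run=client -o yaml | kubectl apply -f -
```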
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ env "stripe_invoice_dev" {
|
|||
}
|
||||
|
||||
env "stripe_invoice_prod" {
|
||||
url = "postgres://${getenv("POSTGRES_USER")}:${getenv("POSTGRES_PASSWORD")}@postgres-prod.default.svc.cluster.local:5432/stripe_invoice_prod?sslmode=disable"
|
||||
url = "postgres://${getenv("POSTGRES_USER")}:${getenv("POSTGRES_PASSWORD")}@postgres-prod.default.svc.cluster.local:5432/stripe_invoice?sslmode=disable"
|
||||
|
||||
|
||||
migration {
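Review bot: The prod `url` still ends in `?sslmode=disable`, so the migration user's password and all migration traffic to `postgres-prod.default.svc.cluster.local` cross the cluster network unencrypted. If the server has TLS enabled, use `sslmode=require`, or `verify-full` with the CA. `${getenv("POSTGRES_PASSWORD")}` is also interpolated into the URL unescaped, so a password containing `@`, `/` or `:` is misparsed; Atlas provides `urlescape` for this, `${urlescape(getenv("POSTGRES_PASSWORD"))}`. The `env "stripe_invoice_prod"` block continues past the end of the hunk.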
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ spec:
|
|||
pg_dump \
|
||||
-h postgres-prod.default.svc.cluster.local \
|
||||
-U $POSTGRES_USER \
|
||||
stripe_invoice_prod \
|
||||
stripe_invoice \
|
||||
| gzip \
|
||||
| aws s3 cp - s3://$S3_BUCKET/prod/stripe_invoice/$(date +%F).sql.gz
|
||||
envFrom:
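Review bot: A failing `pg_dump` in this `pg_dump … | gzip | aws s3 cp -` pipeline can still end with exit status 0 and leave a truncated or empty `.sql.gz` in the bucket, because a pipeline reports only its last command's status unless `pipefail` is on. The start of the script is outside the hunk; if it does not already do so, make `set -euo pipefail` its first line (this needs bash rather than plain sh). The expansions should also be quoted: `-U "$POSTGRES_USER"` and `"s3://$S3_BUCKET/prod/stripe_invoice/$(date +%F).sql.gz"`.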
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@
|
|||
# - name: atlas
|
||||
# image: arigaio/atlas:latest
|
||||
# command: ["/atlas"]
|
||||
# args: ["migrate", "apply", "--env", "stripe_invoice_dev"]
|
||||
# args: ["migrate", "apply", "--env", "stripe_invoice"]
|
||||
# envFrom:
|
||||
# - secretRef:
|
||||
# name: postgres-secret
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
# containers:
|
||||
# - name: atlas
|
||||
# image: arigaio/atlas:latest
|
||||
# command: ["migrate", "apply", "--env", "stripe_invoice_prod"]
|
||||
# command: ["migrate", "apply", "--env", "stripe_invoice"]
|
||||
# envFrom:
|
||||
# - secretRef:
|
||||
# name: postgres-secret
|
||||
|
|
|
|||
|
|
@ -46,6 +46,38 @@ spec:
|
|||
name: stripe-secrets
|
||||
key: STRIPE_CLIENT_ID
|
||||
|
||||
# ---- App ----
|
||||
- name: APP_URL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: stripe-secrets
|
||||
key: APP_URL
|
||||
|
||||
# ---- AWS / SES ----
|
||||
- name: AWS_REGION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: stripe-secrets
|
||||
key: AWS_REGION
|
||||
|
||||
- name: AWS_ACCESS_KEY_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: stripe-secrets
|
||||
key: AWS_ACCESS_KEY_ID
|
||||
|
||||
- name: AWS_SECRET_ACCESS_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: stripe-secrets
|
||||
key: AWS_SECRET_ACCESS_KEY
|
||||
|
||||
- name: SES_FROM_EMAIL
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: stripe-secrets
|
||||
key: SES_FROM_EMAIL
|
||||
|
||||
imagePullSecrets:
|
||||
- name: registrypullsecret
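Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` place a long-lived IAM user key in the container environment, where it is readable by anything running in the pod and by anyone allowed to read `stripe-secrets`. The key's policy is not visible here; confirm it is limited to `ses:SendEmail`/`ses:SendRawEmail` on the sending identity and nothing else. `APP_URL`, `AWS_REGION` and `SES_FROM_EMAIL` are not secret and would sit better in a ConfigMap via `configMapKeyRef`, which keeps `stripe-secrets` to real credentials and lets them rotate independently of config edits. The container spec starts before the hunk.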
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +1,19 @@
|
|||
# Test mode for deployment
|
||||
DEV_STRIPE_SECRET_KEY=sk_test_51Mo6PnBUc0gyz8XqrZqvWQWRQSUQbjt7zxP56lhdqgIG4qxn5zDuistUJJq8Chl7AxmyCy8xMRAh1Zf25jK0lYCb00QsQqNEsc
|
||||
DEV_STRIPE_CLIENT_ID=ca_NZFa6CNybMItWKir9Uk6ojevnYcP7Rbz
|
||||
DEV_APP_URL=stripe-to-invoice.dev.juntekim.com
|
||||
DEV_AWS_REGION=eu-west-2
|
||||
DEV_AWS_ACCESS_KEY_ID=AKIAQL67W6HI2547OPVG
|
||||
DEV_AWS_SECRET_ACCESS_KEY=qCTirw/OCdw6P2aVknGlyh8MQVMmOkrm0NrXTz4j
|
||||
DEV_SES_FROM_EMAIL=no-reply@juntekim.com
|
||||
|
||||
|
||||
# Prod
|
||||
PROD_STRIPE_SECRET_KEY=sk_test_51Mo6PnBUc0gyz8XqrZqvWQWRQSUQbjt7zxP56lhdqgIG4qxn5zDuistUJJq8Chl7AxmyCy8xMRAh1Zf25jK0lYCb00QsQqNEsc
|
||||
PROD_STRIPE_CLIENT_ID=ca_NZFa6CNybMItWKir9Uk6ojevnYcP7Rbz
|
||||
PROD_STRIPE_CLIENT_ID=ca_NZFa6CNybMItWKir9Uk6ojevnYcP7Rbz
|
||||
PROD_APP_URL=stripe-to-invoice.juntekim.com
|
||||
PROD_AWS_REGION=eu-west-2
|
||||
PROD_AWS_ACCESS_KEY_ID=AKIAQL67W6HI2547OPVG
|
||||
PROD_AWS_SECRET_ACCESS_KEY=qCTirw/OCdw6P2aVknGlyh8MQVMmOkrm0NrXTz4j
|
||||
PROD_SES_FROM_EMAIL=no-reply@juntekim.com
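Review bot: This tracked file now holds usable credentials in plain text (`DEV_`/`PROD_STRIPE_SECRET_KEY`, `DEV_`/`PROD_AWS_ACCESS_KEY_ID`, `DEV_`/`PROD_AWS_SECRET_ACCESS_KEY`), so anyone with read access to the repository or its history has them. Deleting the lines in a later commit does not undo that; the AWS key pair and the Stripe key need to be rotated. Keep only the variable names here (for example `PROD_AWS_SECRET_ACCESS_KEY=` in an example file) and supply the values from the CI secret store, e.g. `PROD_AWS_SECRET_ACCESS_KEY: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}` under the workflow step's `env:`. The prod block also carries an `sk_test_` key and the same AWS key pair as dev, so the two environments are not isolated from each other. `PROD_STRIPE_CLIENT_ID` appears twice in this section, which may only be the old and new rendering of one line.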
|
||||
|
||||
|
|
|
|||
|
|
@ -6,4 +6,9 @@ metadata:
|
|||
type: Opaque
|
||||
stringData:
|
||||
STRIPE_SECRET_KEY: ${STRIPE_SECRET_KEY}
|
||||
STRIPE_CLIENT_ID: ${STRIPE_CLIENT_ID}
|
||||
STRIPE_CLIENT_ID: ${STRIPE_CLIENT_ID}
|
||||
APP_URL: ${APP_URL}
|
||||
AWS_REGION: ${AWS_REGION}
|
||||
AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
|
||||
AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
|
||||
SES_FROM_EMAIL: ${SES_FROM_EMAIL}
|
||||