summaryrefslogtreecommitdiffhomepage
path: root/.kamal/secrets
diff options
context:
space:
mode:
authorAdam Malczewski <[email protected]>2026-03-30 19:03:22 +0900
committerAdam Malczewski <[email protected]>2026-03-30 19:03:22 +0900
commit952c6b565832dd0dbcef7a9a80edc871f79e15a8 (patch)
tree698db27a35f8f40356a0381a32a02767481dc6a9 /.kamal/secrets
downloaddispatch-api-952c6b565832dd0dbcef7a9a80edc871f79e15a8.tar.gz
dispatch-api-952c6b565832dd0dbcef7a9a80edc871f79e15a8.zip
initHEADmaindev
Diffstat (limited to '.kamal/secrets')
-rw-r--r--.kamal/secrets20
1 files changed, 20 insertions, 0 deletions
diff --git a/.kamal/secrets b/.kamal/secrets
new file mode 100644
index 0000000..b3089d6
--- /dev/null
+++ b/.kamal/secrets
@@ -0,0 +1,20 @@
+# Secrets defined here are available for reference under registry/password, env/secret, builder/secrets,
+# and accessories/*/env/secret in config/deploy.yml. All secrets should be pulled from either
+# password manager, ENV, or a file. DO NOT ENTER RAW CREDENTIALS HERE! This file needs to be safe for git.
+
+# Example of extracting secrets from 1password (or another compatible pw manager)
+# SECRETS=$(kamal secrets fetch --adapter 1password --account your-account --from Vault/Item KAMAL_REGISTRY_PASSWORD RAILS_MASTER_KEY)
+# KAMAL_REGISTRY_PASSWORD=$(kamal secrets extract KAMAL_REGISTRY_PASSWORD ${SECRETS})
+# RAILS_MASTER_KEY=$(kamal secrets extract RAILS_MASTER_KEY ${SECRETS})
+
+# Example of extracting secrets from Rails credentials
+# KAMAL_REGISTRY_PASSWORD=$(rails credentials:fetch kamal.registry_password)
+
+# Use a GITHUB_TOKEN if private repositories are needed for the image
+# GITHUB_TOKEN=$(gh config get -h github.com oauth_token)
+
+# Grab the registry password from ENV
+# KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
+
+# Improve security by using a password manager. Never check config/master.key into git!
+RAILS_MASTER_KEY=$(cat config/master.key)
generated by cgit v1.2.3 (git 2.39.1) at 2026-04-14 21:24:14 +0000