2012-02-21 01:15:00 -05:00

[{"user_id": 214, "stars": [], "topic_id": 37272, "date_created": 1306683181.870903, "message": "How are people handling SECRET_KEY in ep.io deployments, particularly if the codebase is open source?", "group_id": 2873, "id": 1218083}, {"user_id": 214, "stars": [], "topic_id": 37272, "date_created": 1306683625.0526171, "message": "Currently you can use a vcs-untracked file that gets uploaded, but that becomes painful if you've got multiple people with permission to deploy.", "group_id": 2873, "id": 1218129}, {"user_id": 214, "stars": [], "topic_id": 37272, "date_created": 1306683242.3020661, "message": "Or other secrets (e.g. mail server logins)?", "group_id": 2873, "id": 1218089}, {"user_id": 214, "stars": [], "topic_id": 37272, "date_created": 1306683333.5413949, "message": "Since ep.io already contains some Django-specific niceties, it struck me that it would be kind of handy if bundle_config contained a SECRET_KEY you could use. That would remove the hassle of handling the most common secret.", "group_id": 2873, "id": 1218103}, {"user_id": 214, "stars": [], "topic_id": 37272, "date_created": 1306683383.646405, "message": "A more general solution might involve a place on the dashboard where you could set some arbitrary data that would then be made available to you under a key in bundle_config.config.", "group_id": 2873, "id": 1218107}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1306703597.934597, "message": "it's still a random key, but people will want more than just one thing (API creds, etc)", "group_id": 2873, "id": 1220504}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1306704317.876524, "message": "@carljm We'll have a dashboard-based solution eventually, but we still have more essential things to build as well (e.g. 
solr support)", "group_id": 2873, "id": 1220600}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1306703530.543992, "message": "no, indeed", "group_id": 2873, "id": 1220493}, {"user_id": 214, "stars": [], "topic_id": 37272, "date_created": 1306703519.6173611, "message": "The idea would be to have a source of secrets that's shared by everyone deploying, but not in the repo.", "group_id": 2873, "id": 1220491}, {"user_id": 214, "stars": [], "topic_id": 37272, "date_created": 1306703538.584166, "message": "I was just noting that a service like epio is in a unique position to provide a really nice solution :-)", "group_id": 2873, "id": 1220495}, {"user_id": 8740, "stars": [{"date_created": 1309134142.9350569, "user_id": 8391}], "topic_id": 37272, "date_created": 1306704114.5097201, "message": "@carljm yeah; with the upcoming scp/sftp access to ../data/ we'll probably recommend that", "group_id": 2873, "id": 1220578}, {"user_id": 214, "stars": [], "topic_id": 37272, "date_created": 1306703524.949971, "message": "Problem isn't epio-specific, of course.", "group_id": 2873, "id": 1220492}, {"user_id": 214, "stars": [], "topic_id": 37272, "date_created": 1306703603.3288651, "message": "yup", "group_id": 2873, "id": 1220505}, {"user_id": 214, "stars": [], "topic_id": 37272, "date_created": 1306703480.1119821, "message": "@andrewgodwin sure, but that doesn't help the situation, since epio.ini is most likely checked-in to VCS as well.", "group_id": 2873, "id": 1220486}, {"user_id": 214, "stars": [], "topic_id": 37272, "date_created": 1306703545.852628, "message": "especially since we already have bundle_config", "group_id": 2873, "id": 1220497}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1306703580.3722539, "message": "yeah, that actually does contain a SECRET_KEY in our upcoming release, but that's for sending profile information back to us if needs be", "group_id": 2873, "id": 1220502}, {"user_id": 8740, "stars": [], "topic_id": 
37272, "date_created": 1306703441.502188, "message": "@carljm well, you can set arbitary environment variables in epio.ini", "group_id": 2873, "id": 1220480}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1306703511.5771489, "message": "@carljm Indeed; \"epio upload\" can be used to combine vcs files with non-vcs files, but I see the underlying problem", "group_id": 2873, "id": 1220488}, {"user_id": 8740, "stars": [{"date_created": 1306704074.4296041, "user_id": 214}, {"date_created": 1306803981.5839019, "user_id": 12716}, {"date_created": 1309134098.2691259, "user_id": 8391}], "topic_id": 37272, "date_created": 1306703544.7130251, "message": "the best solution might be to put those secrets in the read/write storage somehow", "group_id": 2873, "id": 1220496}, {"user_id": 214, "stars": [], "topic_id": 37272, "date_created": 1306703808.8299749, "message": "Hmm, that's a good point. I suppose I could drop a file into ../data/ and it'll persist across deploys. Hadn't thought of that.", "group_id": 2873, "id": 1220542}, {"user_id": 214, "stars": [], "topic_id": 37272, "date_created": 1306703877.038887, "message": "Yes, that'll actually work quite nicely - thanks! (Though if you ever did get around to a bundle_config/dashboard-based solution, that'd be even lower barrier to entry...)", "group_id": 2873, "id": 1220549}, {"user_id": 214, "stars": [], "topic_id": 37272, "date_created": 1306716624.7200451, "message": "Even without scp/sftp access, run_command bash and judicious use of \"cat\" is adequate to create a simple secrets file.", "group_id": 2873, "id": 1222402}, {"user_id": 29682, "stars": [], "topic_id": 37272, "date_created": 1306748377.868432, "message": "Why not remove SECRET_KEY from settings.py, and keep a skeleton production_settings.py.sample file which \"import * from settings\" pattern (i.e. users need to customize a separate settings file, one requirement of which is to set up a SECRET. 
This has the side-effect of keeping application configuration (i.e. the agnostic settings and config of the app) separate from specific installation configuration.", "group_id": 2873, "id": 1225702}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1306750996.5867889, "message": "@bradwhittington That's what I do personally; however, if you're using \"git push\", and not \"epio upload\", that's not going to work as you can't ship an uncommitted file.", "group_id": 2873, "id": 1225958}, {"user_id": 214, "stars": [], "topic_id": 37272, "date_created": 1306762877.4759581, "message": "@bradwhittington That's what I usually have done as well. The problem with that solution, as I pointed out above, is that if multiple people should be able to deploy the app, it makes it tricky to share the correct deployment configuration among them. (And in general, having important information like your current deployment config sitting around not version-controlled is icky - it's just one errant \"git clean\" away from disappearing). Also as noted above, that's not an epio-specific problem, but it is one that epio can potentially supply a neat solution for.", "group_id": 2873, "id": 1227303}, {"user_id": 33300, "stars": [], "topic_id": 37272, "date_created": 1306854651.8751061, "message": "I use a private repo with secrets and ep.io configuration, that then pulls in an open source repo using requirements.txt to hold the actual django project and apps itself. 
Works well so far.", "group_id": 2873, "id": 1238181}, {"user_id": 31790, "stars": [], "topic_id": 37272, "date_created": 1309017248.3613391, "message": "Rather than keeping these secrets on the local file system, in a separate repo, or in ../data/, could it make more sense to use one of the 'live settings' solutions?: http://djangopackages.com/grids/g/live-setting/", "group_id": 2873, "id": 1484556}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1309018812.6643131, "message": "@webmaven That makes reproducable deploys a lot harder, though, since you have to either do it manually or somehow update the database remotely", "group_id": 2873, "id": 1484661}, {"user_id": 31790, "stars": [], "topic_id": 37272, "date_created": 1309029357.294059, "message": "@andrewgodwin Well, give me a sanity check on this: I figure either the deployment is using the same data (because it is connecting to the existing DB), or it is a *new* instance, which means it needs it's own secrets anyway. Am I missing a scenario?", "group_id": 2873, "id": 1485297}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1309080670.2070251, "message": "@webmaven I can think of cases where you'd want the same secrets and not the same db - for example, different apps where you're sharing signed cookies or something. However, you're right in the general case, I guess.", "group_id": 2873, "id": 1487984}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1309080687.2010889, "message": "I've just seen settings-in-databases abused so badly that I immediately shy away from the idea.", "group_id": 2873, "id": 1487986}, {"user_id": 2, "stars": [], "topic_id": 37272, "date_created": 1309110362.7102649, "message": "I really like the environment variables in ep.io... 
so easy!", "group_id": 2873, "id": 1489821}, {"user_id": 2, "stars": [], "topic_id": 37272, "date_created": 1309110518.605417, "message": "oh, of course everyone in my team is using the same local settings, which makes things a lot easier", "group_id": 2873, "id": 1489837}, {"user_id": 2, "stars": [], "topic_id": 37272, "date_created": 1309110395.7959659, "message": "I'm actually going with just one settings.py file for both local and prod and using an environment variable to check if it's production", "group_id": 2873, "id": 1489823}, {"user_id": 2, "stars": [], "topic_id": 37272, "date_created": 1309110438.0771489, "message": "@carljm so I would probably just set an environment variable with my secret key if I didn't want it in my source code", "group_id": 2873, "id": 1489828}, {"user_id": 2, "stars": [], "topic_id": 37272, "date_created": 1309110462.751024, "message": "then check the production variable to see if I should get the secret key from an environment variable as well", "group_id": 2873, "id": 1489830}, {"user_id": 31790, "stars": [], "topic_id": 37272, "date_created": 1309157316.7338929, "message": "@leah, how do you set an environment variable on ep.io without using the epio.ini file (which would likely be checked into version control as well)?", "group_id": 2873, "id": 1493282}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1309164746.7519741, "message": "@webmaven You can write an epio-myappname.ini as well, which gets merged in: http://www.ep.io/docs/epioini/", "group_id": 2873, "id": 1493711}, {"user_id": 31790, "stars": [], "topic_id": 37272, "date_created": 1309168259.7390311, "message": "Hmm. I suppose I can add it to the .gitignore to prevent it accidentally being checked in. 
It might be useful to have a separate epio-secrets.ini file (or epio-myappname-secrets.ini), so epio-myappname.ini *can* be checked in, though.", "group_id": 2873, "id": 1494039}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1309167623.3065879, "message": "@webmaven Not necessarily - if you just use it to store secrets, there's no need to", "group_id": 2873, "id": 1493988}, {"user_id": 31790, "stars": [], "topic_id": 37272, "date_created": 1309167526.5878739, "message": "@andrewgodwin that's a useful feature, to be sure, but epio-myappname.ini would just as surely be checked in to version control....", "group_id": 2873, "id": 1493983}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1309168595.9988191, "message": "I suppose, though I'm averse to us having too many files :)", "group_id": 2873, "id": 1494072}, {"user_id": 31790, "stars": [], "topic_id": 37272, "date_created": 1309169120.1319909, "message": "Could you instead add an 'include' directive?", "group_id": 2873, "id": 1494109}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1309169138.7426691, "message": "I guess, though that starts taking it away from .ini format", "group_id": 2873, "id": 1494111}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1309169301.3478611, "message": "then again, we need to do that anyway to make it case-sensitive", "group_id": 2873, "id": 1494120}, {"user_id": 31790, "stars": [], "topic_id": 37272, "date_created": 1309191571.9966071, "message": "[include]\nsecrets.ini", "group_id": 2873, "id": 1496759}, {"user_id": 1963, "stars": [], "topic_id": 37272, "date_created": 1309193886.678735, "message": "It uses this syntax: \"%include .hgrc_local\". 
I like @webmaven's suggestion better though.", "group_id": 2873, "id": 1497141}, {"user_id": 1963, "stars": [], "topic_id": 37272, "date_created": 1309193838.9991679, "message": "Mercurial's .hgrc is .ini style, but allows includes", "group_id": 2873, "id": 1497129}, {"user_id": 5980, "stars": [], "topic_id": 37272, "date_created": 1309253473.96434, "message": "I like the \"include\" idea, but I don't think it actually solves the problem. It still means that if a developer has the ability to deploy the code, they need to have a copy of the production secrets on their own machine. If the secrets were entered once in a central place (ie the admin control panel) and then appended to the bundle config, it would make team collaboration much easier.", "group_id": 2873, "id": 1504453}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1309260329.9082789, "message": "I'll look into providing some way of setting environment variables via the control panel", "group_id": 2873, "id": 1504875}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1309260309.4238999, "message": "@j4mie Agreed, there's no real central way to push them among developers, and we already have the secrets anyway.", "group_id": 2873, "id": 1504873}, {"user_id": 8740, "stars": [], "topic_id": 37272, "date_created": 1309260345.2377019, "message": "(we don't want to just let you write config, as that would encourage bad habits)", "group_id": 2873, "id": 1504876}, {"user_id": 5980, "stars": [], "topic_id": 37272, "date_created": 1309280181.7329969, "message": "Yep, environment variables are probably the cleanest way to do it.", "group_id": 2873, "id": 1507490}, {"user_id": 31790, "stars": [], "topic_id": 37272, "date_created": 1309287208.5132439, "message": "However, I can still think of a remaining scenario of difficult coordination, that of copying environment variables between apps, or coordinating changes between apps.", "group_id": 2873, "id": 1508351}, {"user_id": 31790, 
"stars": [], "topic_id": 37272, "date_created": 1309286862.3139541, "message": "All that said, writing environment vars from the control panel is probably a better solution for this particular issue.", "group_id": 2873, "id": 1508311}, {"user_id": 31790, "stars": [], "topic_id": 37272, "date_created": 1309286730.307487, "message": "While having a non-checked-in secrets.ini file 'included' seems functionally similar to having a non-checked-in deployment-specific settings.py file, it seems a bit cleaner. It has the same advantage of being deployment specific (if I 'include' it from epio-myappname.ini rather than from epio.ini), and shouldn't stop anyone from independently forking and deploying the code on their own (whether on ep.io or elsewhere). Yes, there is still a coordination problem among developers who are deploying to the same app, but it is sharply reduced in scope, since deployment specific (but non-secret) settings can still go into epio-myappname.ini.", "group_id": 2873, "id": 1508278}, {"user_id": 31790, "stars": [], "topic_id": 37272, "date_created": 1309287216.37679, "message": "At that point though it may be time to consider the 'private repo' solution instead, or something similar.", "group_id": 2873, "id": 1508353}]