diff --git a/{{cookiecutter.project_slug}}/Makefile b/{{cookiecutter.project_slug}}/Makefile
index 2f1dcc41..6d499bca 100644
--- a/{{cookiecutter.project_slug}}/Makefile
+++ b/{{cookiecutter.project_slug}}/Makefile
@@ -150,9 +150,6 @@ secure: ## Analyze dependencies for security issues
 node: ## Shell into the running Node container
 @docker-compose exec frontend /bin/bash
 
-read-op-secrets: ## Read the secrets from 1Password and set to enviroment variables
- /bin/bash -c "source .envrc" && echo "Environment variables set from 1Password"
-
 sandbox-secrets: ## Substitute with secrets template with env variable and run kubeseal
 @echo "Sealing secrets from sandbox template to $$(kubectl config current-context)"
 envsubst < k8s/templates/sandbox.secrets.yaml.template | kubeseal --format yaml > k8s/sandbox/secrets.yaml
diff --git a/{{cookiecutter.project_slug}}/README.md b/{{cookiecutter.project_slug}}/README.md
index 9d736177..f54efa90 100644
--- a/{{cookiecutter.project_slug}}/README.md
+++ b/{{cookiecutter.project_slug}}/README.md
@@ -83,10 +83,9 @@ Configure kubernetes to your current project config and context, making sure you $ export KUBECONFIG=~/.kube/config:~/.kube/{{cookiecutter.project_slug}}.ec2.config $ kubectl config use-context {{cookiecutter.project_slug}}-ec2-cluster -To ease managing your passwords and secrets you can store the values in 1Password. The makefile target `read-op-secrets` will read the values from 1Password and export it to enviroment variables. -(The 1Password path in .envrc MUST match the path in the vault) - - $ make read-op-secrets +To ease managing your passwords and secrets you can store the values in 1Password. The `.envrc` file will read from 1Password and export the values to the enviroment. +You will need to install and configure [1Password cli](https://developer.1password.com/docs/cli/get-started/) +You can automatically source from the `.envrc` file using [direnv](https://direnv.net/docs/installation.html) You can also manually export the variables to your environment. Add the secrets to your manifest using the secrets template file, and run kubeseal on the unencrypted values. The makefile target `sandbox-secrets` will replace the variables in `./k8s/templates/secrets.yaml.template` with the encoded variables from the environment, and copy the manifest with the encrypted values to `.k8s/sandbox/secrets.yaml`. The same can be done for the prod environment using the `prod-secrets` target