# Secrets defined here are available for reference under registry/password, env/secret, builder/secrets, # and accessories/*/env/secret in config/deploy.yml. All secrets should be pulled from either # password manager, ENV, or a file. DO NOT ENTER RAW CREDENTIALS HERE! This file needs to be safe for git. # Example of extracting secrets from 1password (or another compatible pw manager) # SECRETS=$(kamal secrets fetch --adapter 1password --account your-account --from Vault/Item KAMAL_REGISTRY_PASSWORD RAILS_MASTER_KEY) # KAMAL_REGISTRY_PASSWORD=$(kamal secrets extract KAMAL_REGISTRY_PASSWORD ${SECRETS}) # RAILS_MASTER_KEY=$(kamal secrets extract RAILS_MASTER_KEY ${SECRETS}) # Use a GITHUB_TOKEN if private repositories are needed for the image # GITHUB_TOKEN=$(gh config get -h github.com oauth_token) # Grab the registry password from ENV KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD # Improve security by using a password manager. Never check config/master.key into git! RAILS_MASTER_KEY=$(cat config/master.key) POSTGRES_PASSWORD=$(bin/rails runner "puts Rails.application.credentials.dig(:postgres, :password)") MINIO_ROOT_USER=$(bin/rails runner "puts Rails.application.credentials.dig(:minio, :root_user)") MINIO_ROOT_PASSWORD=$(bin/rails runner "puts Rails.application.credentials.dig(:minio, :root_password)")