New to WIP?

We're a group of makers shipping together. We help each other stay accountable and reach our goals.

Apply for access
Other questions
🤔 What do you do for marketing? Be the first to reply
🎨 Freelance designers. When and how. 2 answers
What steps are included in your CI pipeline you should have added sooner? 11 answers
AI to work with a lot of data (two usecases) 8 answers
Back
 Question
Asked

What do you use for managing creds for .env files?


Yash Desai
@yhdesai

👋 Join WIP to participate

Sasha Koss
@kossnocorp

direnv

 Reply
KimSia Sim
@kimsia

Is the direnv used for development envrionments on laptop? or also for production environments on linux VPS servers?

 Reply
Dave Metrics
@davemetrics

Another vote for direnv 👆only in development though - on production I usually use a PaaS (Heroku, Netlify etc).

Reply
KimSia Sim
@kimsia

Not sure you meant by "managing creds", I'm looking at storing codebase specific env variables for production on github secrets at the repo level.

Then somehow use github actions to deploy and re-create the .env file for production environments

UPDATE:

I wrote up of my current approach as a SO answer to my own question.

Reproduced below:

I realized I should have fleshed out the whole target scenario more explicitly in terms of hard requirements.

Must use:

  • Github Actions
  • Ubuntu LTS VPS (I use DigitalOcean)

Must see:

  • the codebase on the VPS be updated to latest main branch
  • there is a new .env file in the project path on the VPS

I discover 2 general approaches.

Outline:
1. checkout action then rsync to update codebase
2. create-envfile then rsync

This approach uses mixture of GitHub Actions. Namely, checkout and create-envfile

  1. ssh-action then
    1. git clone using bash script to update codebase
    2. create envfile using bash script

This approach uses 1 GitHub Action but it needs more bash scripting

I chose approach 2 because git clone is superior to rsync.

This is my ci.yml

name: Deploy via SSH
on: [workflow_dispatch]
jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    steps:
    - name: Deploy via SSH
      uses: appleboy/ssh-action@master
      with:
        host: ${{ secrets.SSH_HOST }}
        username: ${{ secrets.SSH_USERNAME }}
        key: ${{ secrets.SSH_KEY }}
        script: |
          # git update to latest codebase on main branch
          cd /path/to/project && git pull
          # updating the .env file
          cat <<EOF > ${{ secrets.ENVFILE_PATH }}
          # start of envfile
          DJANGO_SECRET_KEY=${{ secrets.ENVFILE_DJANGO_SECRET_KEY }}
          # end of envfile
          EOF
          # see end result of envfile
          ls -l ${{ secrets.ENVFILE_PATH }}

As for how to save the secrets to your GitHub repo for SSH access, please check this article

Note: the cloudflare was overzealous in hiding the repo and branch name which uses the @ symbol. So best to go read the SO answer to see the full response

 Reply
Abdullah Sahin
@abdullah

Thank you for sharing KimSia :)

 Reply
Sasa Cocic
@sasacocic

I guess this is particular to my setup, but since I'm using vercel on the front end for nextjs I just do it on their website. This is great if your website is all static.

server side I usually just use an ec2 instance. On there I usually use systemd unit file to run my server. In the unit file I put all my env. variables. But in code I just use dotenv github.com/motdotla/dotenv

 Reply
Pratyush Mittal
@faltoo

django-environ: github.com/joke2k/django-envi…

Django Environ is fabulous in production. We can place the .env file anywhere. And no other setup is needed. The env file is picked by Django through settings.py.

There is also pypi.org/project/python-envir…. This can be helpful if you have a Python project but not Django specific.

 Reply
KimSia Sim
@kimsia

thanks for providing both django and python specific

 Reply