docs: update DEPLOYING.md for secrets file password approach
Authored by: Jack Levy
This commit is contained in:
Jack Levy
15
DEPLOYING.md
15
DEPLOYING.md
@@ -55,7 +55,6 @@ ENCRYPTION_SECRET_KEY= # generate: python -c "from cryptography.fernet import F
|
||||
|
||||
# PostgreSQL
|
||||
POSTGRES_USER=congress
|
||||
POSTGRES_PASSWORD=your-strong-password
|
||||
POSTGRES_DB=pocketveto
|
||||
|
||||
# Redis
|
||||
@@ -70,6 +69,18 @@ OPENAI_API_KEY=sk-...
|
||||
OPENAI_MODEL=gpt-4o-mini
|
||||
```
|
||||
|
||||
### Database password (secrets file)
|
||||
|
||||
The database password lives in a plain file rather than `.env` so that any characters work with no escaping needed.
|
||||
|
||||
```bash
|
||||
mkdir -p secrets
|
||||
openssl rand -base64 32 | tr -d '+/=' | cut -c1-32 > secrets/db_password
|
||||
chmod 600 secrets/db_password
|
||||
```
|
||||
|
||||
The `secrets/` directory is gitignored. Docker mounts `secrets/db_password` read-only into each container; the backend reads it automatically to build the database URL. Never commit this file.
|
||||
|
||||
Other providers (swap in place of the OpenAI block):
|
||||
```env
|
||||
# Anthropic
|
||||
@@ -112,6 +123,8 @@ SMTP_FROM=alerts@yourdomain.com
|
||||
docker compose up --build -d
|
||||
```
|
||||
|
||||
> **Note:** Make sure `secrets/db_password` exists before running this command (see step 2). Docker Compose will fail to start if the secrets file is missing.
|
||||
|
||||
This will:
|
||||
1. Pull base images (postgres, redis, nginx, node)
|
||||
2. Build the API, worker, beat, and frontend images
|
||||
|
||||
Reference in New Issue
Block a user