docs: update DEPLOYING.md for secrets file password approach

Authored by: Jack Levy
2026-03-15 19:16:16 -04:00
parent 80343d3782
commit 7844367bd2


@@ -55,7 +55,6 @@ ENCRYPTION_SECRET_KEY= # generate: python -c "from cryptography.fernet import F
# PostgreSQL # PostgreSQL
POSTGRES_USER=congress POSTGRES_USER=congress
POSTGRES_PASSWORD=your-strong-password
POSTGRES_DB=pocketveto POSTGRES_DB=pocketveto
# Redis # Redis
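Review bot: With `POSTGRES_PASSWORD=your-strong-password` dropped from the PostgreSQL block, the `.env` example no longer hints at where the password comes from, and the doc does not say what to do with an existing `.env` that still sets it. Consider a comment line in that block pointing to the secrets file section, plus one sentence telling people who are upgrading to delete the old variable so a stale plaintext password is not left behind in `.env`.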
@@ -70,6 +69,18 @@ OPENAI_API_KEY=sk-...
OPENAI_MODEL=gpt-4o-mini OPENAI_MODEL=gpt-4o-mini
``` ```
### Database password (secrets file)
The database password lives in a plain file rather than `.env` so that any characters work with no escaping needed.
```bash
mkdir -p secrets
openssl rand -base64 32 | tr -d '+/=' | cut -c1-32 > secrets/db_password
chmod 600 secrets/db_password
```
The `secrets/` directory is gitignored. Docker mounts `secrets/db_password` read-only into each container; the backend reads it automatically to build the database URL. Never commit this file.
Other providers (swap in place of the OpenAI block): Other providers (swap in place of the OpenAI block):
```env ```env
# Anthropic # Anthropic
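Review bot: In the added bash block, `secrets/db_password` is created by the redirect under the caller's default umask and only tightened by `chmod 600` afterwards, and `mkdir -p secrets` leaves the directory at default permissions. Suggest setting `umask 077` before these commands (or running them in a subshell that sets it) so the file is never group- or world-readable, even briefly. Two smaller points: the stated reason for the file is that any characters work without escaping, yet `tr -d '+/='` reduces the generated value to alphanumerics, so the text could also say plainly that the goal is keeping the password out of `.env`; and since the file is mode 600 and mounted into each container, it is worth stating which user inside the containers needs to be able to read it.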
@@ -112,6 +123,8 @@ SMTP_FROM=alerts@yourdomain.com
docker compose up --build -d docker compose up --build -d
``` ```
> **Note:** Make sure `secrets/db_password` exists before running this command (see step 2). Docker Compose will fail to start if the secrets file is missing.
This will: This will:
1. Pull base images (postgres, redis, nginx, node) 1. Pull base images (postgres, redis, nginx, node)
2. Build the API, worker, beat, and frontend images 2. Build the API, worker, beat, and frontend images
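Review bot: The added note refers to "step 2", but the section added in this commit is headed "Database password (secrets file)" and carries no step number in the visible lines, so the pointer may not resolve for the reader; refer to it by heading name instead. The note also sits after the `docker compose up --build -d` block, so someone running commands as they read will hit the failure first; moving it above the command would avoid that.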