How can I encrypt just the values of a .env file? - encryption

I need the names of the keys for a build pipeline in GitHub actions, the values of the keys encrypted in the repo but decrypted in my local environment.
Example:
I need the .env file like this (decrypted) in my local environment:
ACCESS_KEY = mykeysecret123
ANOTHER_KEY = key2secret
.env-file
And like this (encrypted) in the GitHub repo:
ACCESS_KEY = f4d5dfa6f5da4f6as5dfsdhgzxcvr4
ANOTHER_KEY = dhjdujfk5f64f8ghjdj5j56jhjh4jhf
.env-file-encrypted
Very similar to what transcrypt does, but transcrypt encrypts the whole file, and I need the key names of the file to be not encrypted, so when the build runs in GitHub Actions it can find the names of the variables. The build does not need the actual secret values. It's failing because I have a config file with:
import { ACCESS_KEY, ANOTHER_KEY} from 'react-native-dotenv'
And when the build looks for those names in the .env file, it can't find them if the file is encrypted with transcrypt or git-crypt or any other encrypting tool that encrypts the whole file.

There is a nice tool by Mozilla that encrypts only the values and not the keys of your secret file
https://github.com/mozilla/sops
Follow the detailed tutorial video here : https://www.youtube.com/watch?v=V2PRhxphH2w

react-native-dotenv maintainer here! I took a look at your screenshots and I'm noticing a couple issues:
Make sure to remove all spaces in the .env file around the =, e.g. ACCESS_KEY=f4d5dfa6f5da4f6as5dfsdhgzxcvr4.
You need to do import { ACCESS_KEY, ANOTHER_KEY } from '@env'
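What value-only encryption of a dotenv file involves, as an added example (not code from sops, transcrypt or the posts above): each value is sealed with AES-256-GCM and its variable name is bound as associated data, while names stay readable and are written without spaces around the =. The ENC[...] wrapper, the function names and the sample input are assumptions made for this example.

```javascript
const crypto = require('crypto');

const PREFIX = 'ENC['; // marker chosen for this example, not sops' own format

// Encrypt one value with AES-256-GCM. The variable name is bound as AAD, so a
// ciphertext pasted under a different name fails authentication on decrypt.
function encryptValue(name, value, key) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(name, 'utf8'));
  const ct = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  const blob = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
  return `${PREFIX}${blob}]`;
}

// Inverse of encryptValue: layout is 12-byte IV, 16-byte tag, ciphertext.
function decryptValue(name, token, key) {
  const raw = Buffer.from(token.slice(PREFIX.length, -1), 'base64');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAAD(Buffer.from(name, 'utf8'));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Apply fn(name, value) to every NAME=value line; comments and blanks pass through.
function mapEnv(text, fn) {
  return text.split('\n').map((line) => {
    const m = /^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    return m ? `${m[1]}=${fn(m[1], m[2])}` : line;
  }).join('\n');
}

// Already-encrypted values are skipped, so re-running does not churn the file.
const encryptEnv = (text, key) =>
  mapEnv(text, (n, v) => (v.startsWith(PREFIX) ? v : encryptValue(n, v, key)));
const decryptEnv = (text, key) =>
  mapEnv(text, (n, v) => (v.startsWith(PREFIX) ? decryptValue(n, v, key) : v));

// Constructed sample input and a throwaway key; a real key stays outside the repo.
const sample = '# app secrets\nACCESS_KEY = mykeysecret123\nANOTHER_KEY = key2secret\n';
const key = crypto.randomBytes(32);
const encrypted = encryptEnv(sample, key);
console.log(encrypted);
console.log(decryptEnv(encrypted, key));
```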

Related

db.create_all() doesn't create a database in a desired directory

I am trying to create a database for my Flask application in the main directory of my project. This is my code for initializing a database:
app.config["SQLALCHEMY_DATABASE_URI"] = 'sqlite:///users.db'
app.config["SQLALCHEMY_TRACK_MODIFICATIONS"] = False
db = SQLAlchemy(app)
Flask requires application context, so this is how I create the database:
$ flask shell
>>> db.create_all()
I also tried doing it with:
$ python
>>> from app import app, db
>>> app.app_context().push()
>>> db.create_all()
Both of these options create the database in the /instance directory. Is there any way to get around this and create it in the main directory of the project?
The instance path is the preferred and default location for the database. I recommend you use this one for security reasons. However, it is also possible to choose an alternative solution in which the full path is specified in the configuration.
The following configuration corresponds to an outdated variant, where the database is created in the current working directory. Please don't use this anymore.
import os
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///' + os.path.join(os.getcwd(), 'users.db')
This corresponds to the current solution.
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///' + os.path.join(app.instance_path, 'users.db')

Add public key to Keystore

I have keystore in windows as below -
secretkeys.skr
publickeys.pkr
I want to add new PGP public keys to the above keystore. Can someone help me with the command?
I tried using some tool and gpg commands but no luck as the keys are not updating in the above files.
We use below command to list and encrypt
pkzipc -listcertificates=AddressBook
pkzipc -add -archivetype=pgp -cryptalg=AES,128 -recipient="!encryptionKey!" "!encrptedFileDestination!\%%~nxA" "%%~fA"
Can someone help with any command or tool where I can set the keyring to above file and import the keys to that store.
Thanks,
Arpit

How to generate master.key on Rails 6?

How can I get rails to generate a master key? I'm wanting it to decrypt the credentials file in a production environment.
This is how I tried to generate a new key:
config$ rm credentials.yml.enc
config$ EDITOR=vim rails credentials:edit
File encrypted and saved.
In case anyone is looking for a way to generate an encryption key that is exactly 32 characters:
$ bundle exec rails secret | cut -c-32
=> 8d000d7e7233facfc8300b9a3fe0421e
Then save that to your .env as:
# Generated by:
# bundle exec rails secret | cut -c-32
# If one is already setup, you may need to ask someone for it.
RAILS_MASTER_KEY=8d000d7e7233facfc8300b9a3fe0421e
So it turns out I had RAILS_MASTER_KEY set as an environment variable from testing. Rails was referencing that instead of generating a new key. I unset the environment variable and it's now working.

Encrypt sql_alchemy_conn in airflow config file (ansible)

Is there a way to encrypt the airflow config file sql_alchemy_conn string? The password shown in the example is plaintext. What options are there to secure it? Also, if the password has special chars, how must it be escaped in the config file?
Trying to install airflow using airflow role.
# See: https://www.sqlalchemy.org/
sql_alchemy_conn:
  value: "postgresql+psycopg2://pgclusteradm@servername:PLAINTEXTPASSWORD@server.postgres.database.azure.com/airflow2"
Way to encrypt password, couldn't find how to encrypt this.
You can provide the database URI through environment variables instead of the config file. This doesn't encrypt it or necessarily make it more secure, but it at least isn't plainly sitting in a permanent file.
In your airflow.cfg you can put a placeholder:
[core]
...
sql_alchemy_conn = override_me
...
Then set AIRFLOW__CORE__SQL_ALCHEMY_CONN=postgresql+psycopg2://... in an environment variable when you bring up Airflow components. This way of setting and overriding configuration options through environment variables is detailed in the docs, but the basic format is AIRFLOW__{SECTION}__{KEY}=<value>.
There are 2 ways of securing this as mentioned in docs:
1) Environment Variable:
You can override the setting in airflow.cfg by setting the following environment variable:
AIRFLOW__CORE__SQL_ALCHEMY_CONN=my_conn_string
This way you can keep the setting in airflow.cfg as empty so no one can view the password.
2) Get string by running command:
You can also derive the connection string at run time by appending _cmd to the key like this:
[core]
sql_alchemy_conn_cmd = bash_command_to_run

Where to put secret keys in Netlify? [duplicate]

I'm trying to set an environment variable for an API key that I don't want in my code. My source javascript looks something like this :
.get(`http://api-url-and-parameters&api-key=${process.env.API_KEY}`)
I'm using webpack and the package dotenv-webpack https://www.npmjs.com/package/dotenv-webpack to set API_KEY in a gitignored .env file and it's all running fine on my local. I'd like to also be able to set that variable when deploying through Netlify. I've tried adding it through the GUI to the 'build environment variables', and also setting it directly in the build command, but without success.
Any idea what might be the issue?
WARNING: If this is a secret key, you will not want to expose this environment variable value in any bundle that gets returned to the client. It should only be used by your build scripts to be used to create your content during build.
Issue
dotenv-webpack expects there to be a .env file to load in your variables during the webpack build of your bundle. When the repository is checked out by Netlify, the .env does not exist because for good reason it is in .gitignore.
Solution
Store your API_KEY in the Netlify build environment variables and build the .env using a script prior to running the build command.
scripts/create-env.js
const fs = require('fs')
fs.writeFileSync('./.env', `API_KEY=${process.env.API_KEY}\n`)
Run the script as part of your build
node ./scripts/create-env.js && <your_existing_webpack_build_command>
Caveats & Recommendations
Do not use this method with a public facing repository [open], because any PR or branch deploy could add a simple script to your code to expose the API_KEY.
The example script above is kept simple, so make any script you use able to error out with a code other than 0, so that if the script fails the deploy will fail.
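A fail-closed variant of scripts/create-env.js along the lines of that recommendation, as an added example (not the answer author's code): it refuses to write the file when a variable is missing or contains a line break, reports names only, and returns a non-zero code for the build to act on. REQUIRED, renderEnv, run and the demo values are names and data assumed for this example.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Names the build needs. API_KEY comes from the answer; the list is an assumption.
const REQUIRED = ['API_KEY'];

// Build the .env text, or throw if a variable is missing, empty, or would break
// the one-line NAME=value format (a line break could smuggle in an extra variable).
function renderEnv(names, env) {
  const problems = [];
  const lines = names.map((name) => {
    const value = env[name];
    if (value === undefined || value === '') problems.push(`${name} is not set`);
    else if (/[\r\n]/.test(value)) problems.push(`${name} contains a line break`);
    return `${name}=${value}`;
  });
  // Report names only, never values, so build logs do not leak the secret.
  if (problems.length) throw new Error(`create-env: ${problems.join('; ')}`);
  return lines.join('\n') + '\n';
}

// Write the file with owner-only permissions and return a process exit code.
function run(env, target) {
  try {
    fs.writeFileSync(target, renderEnv(REQUIRED, env), { mode: 0o600 });
    return 0;
  } catch (err) {
    console.error(err.message);
    return 1;
  }
}

// Demo on constructed environments; the build script itself would end with
//   process.exit(run(process.env, './.env'));
const demoPath = path.join(os.tmpdir(), 'create-env-demo.env');
console.log(run({ API_KEY: 'constructed-demo-value' }, demoPath));
console.log(run({}, demoPath));
```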
You can set Dotenv-webpack to load system environment variables as well as those you have declared in your .env file by doing the following:
plugins: [
  new Dotenv({
    systemvars: true
  })
]
I.e., setting the systemvars attribute of your webpack dotenv plugin to true.
Note that system environment variables with the same name will overwrite those defined in your .env file.
Source: https://www.npmjs.com/package/dotenv-webpack#properties
If you go to the corresponding site's settings in Netlify, under Build & deploy you can find a section called environment variables; you can easily add your environment variables from there. If you add a MY_API_KEY variable to the environment variables, you will be able to access it inside your project via process.env.MY_API_KEY.
If you're using Nuxt JS there is a more "straight forward" approach.
Just edit the nuxt.config.js like so:
module.exports = {
  env: {
    GOOGLE_API_KEY: process.env.GOOGLE_API_KEY
  },
  // ...
}
Then add the GOOGLE_API_KEY to Netlify through the build environment variables as usual.
Credit goes to yann-linn and his answer on github.
What you can also do is also to define a global constant in Webpack. Netlify environment variables defined in UI will work with it. You don't need dotenv or dotenv-webpack.
webpack.config.js
const webpack = require("webpack");
module.exports = {
  plugins: [
    new webpack.DefinePlugin({
      "process.env.API_KEY": JSON.stringify(process.env.API_KEY)
    }),
  ]
}
However, again, of course you shouldn't do it by just inputting environmental variables in the frontend if your API key is confidential and the project is public. The API key will appear in the source code of the website and will be easily accessible to everyone visiting it. A Lambda function would be a better option.
You can use the Netlify's config file also ...
You can find documentation here.
Also, I wanted to have the same ENV variables with different values per branch/environment.
This workaround worked for me:
Create a netlify.toml file like:
[build.environment]
  NUXT_ENV_BASE_API = "/api"
  NUXT_ENV_HOST_DOMAIN = "https://your-domain.gr"
[context.branch-deploy]
  environment = { NUXT_ENV_BASE_API = "/dev-api", NUXT_ENV_HOST_DOMAIN = "https://dev.your-domain.gr" }
[context.production]
  environment = { NUXT_ENV_BASE_API = "/api", NUXT_ENV_HOST_DOMAIN = "https://your-domain.gr" }
And deploy in Netlify ...
