You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the nginx password is put into the image at build time. This is not great from the point of view of handling secrets — the image could be inadvertently pushed to a container registry, for example.
The password comes from the value you set in ../../config/portal-config-envs. These *-envs files are by convention used for runtime vars, not build time.
So for a start, we could name the vars files better to distinguish between build and run time, otherwise a developer/deployer might assume you can change that variable and it will actually change the password.
But really we should make it so that nginx sets the password at startup time. This all stems from nginx config files being unable to refer to environment variables. There is some workaround involving templating on startup that we should probably implement. Or we could come up with something better.
The text was updated successfully, but these errors were encountered:
Currently the nginx password is put into the image at build time. This is not great from the point of view of handling secrets — the image could be inadvertently pushed to a container registry, for example.
The password comes from the value you set in
../../config/portal-config-envs. These *-envs files are by convention used for runtime vars, not build time.So for a start, we could name the vars files better to distinguish between build and run time, otherwise a developer/deployer might assume you can change that variable and it will actually change the password.
But really we should make it so that nginx sets the password at startup time. This all stems from nginx config files being unable to refer to environment variables. There is some workaround involving templating on startup that we should probably implement. Or we could come up with something better.
The text was updated successfully, but these errors were encountered: