-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker: Introduce .env.dist file to store sensitive data #13
Conversation
Hey @dev7ch have you tested everything with a fresh installation of all docker containers? (rebuild) |
@rainerCH yes I tested it. ( all images and container removed before testing) |
I changed |
ok, it worked for me fine with the ".." as well, on OSX and if the "" are removed form .env they should be added in docker-compose.yml probably. @nadar did you test it with "" ? |
doesn't work for me with "" as well. |
ok, my bad it seem not to work with the "" which is far away from logic, maybe only for me ;) |
So we could merge, what do you think @rainerCH? |
I have another Idea to make the installation steps more simple: step 1: docker-compose build --build-arg GITHUB_TOKEN=token luya_composer so in fact people do not have to copy (and edit) any files. --> I suggest to remove the .env.dist, remove the args section in docker-compose and add the build command to readme.md |
@rainerCH yes it think that´s a good alternative as well. But what i am not sure about is, if the image has been destroyed, is on rebuild is a new token required? What you think? just guessing it could be causes the token will be stored in the image i think. And you can view this token only once. |
thats true, you have to pass the token again to the build process but:
i made another pull request with my proposal |
@rainerCH yes normally an images should not been rebuild but image you would like to test an apache image besides nginx, this would mean you have to generate a new token ( which is less simple then store it in a .gitignored file) And personally, i like the way of copy a file and adding more then read the docs,which feels more simple for me then adding argument via command line. @nadar what do you think? |
@dev7ch I am going to close this PR, but please make another PR which extends the docker README with this information, so it could be "another way" to solve this problem. |
ok |
@dev7ch i think after yii 2.1 release, there is no need for FXP plugin anymore which currently hits the api request limit. so maybe there is not even any need to provide an api key anymore. |
ok, yes thats an argument to leave it that way |
Due we have sensitive data such as a Github I would suggest to store sensitive data in a file which is .gitignored automatically.