Config

Create default hashes and passwords

To keep your system secure make sure you choose secure passwords and hashes. All secrets should be put in conf/envs/*.secrets.sh. These files are excluded from Git as no secrets should ever be added to version control. A better place for your secrets would be a password manager eg. Lastpass. We splitted the secrets in a file per environment, so you can give certain developer access to the secrets of the development environment without giving them access to staging or prod environment.

Before you deploy your system, or even better before you start coding, replace the following variables if existing with your own random hashes.

In all environments * CSD_WEBAPP_SERVER_SECRET_KEY (96 lower and upper case chars/numbers) * CSD_WEBAPP_MAIN_POSTGRES_DB_PASSWORD (32 lower and upper case chars/numbers) * CSD_PULUMI_SECRETS_PROVIDER_PASSPHRASE_MAIN (28 or more lower and upper case chars/numbers)

Only needed in prod (as these secrets are needed only for the shared systems which always require the prod env) * CSD_RANCHER_INITIAL_ADMIN_PASSWORD (32 lower and upper case chars/numbers) * CSD_PULUMI_PROVIDER_ROOT_USER_AWS_KEY * CSD_PULUMI_PROVIDER_ROOT_USER_AWS_SECRET * CSD_PULUMI_STATE_ROOT_USER_AWS_KEY * CSD_PULUMI_STATE_ROOT_USER_AWS_SECRET * CSD_PULUMI_SECRETS_PROVIDER_PASSPHRASE_ROOT (28 or more lower and upper case chars/numbers) * CSD_PULUMI_SECRETS_PROVIDER_PASSPHRASE_SHARED (28 or more lower and upper case chars/numbers) * CSD_DRONE_RPC_SECRET (33 lower and upper case chars/numbers)