How to Manage Environment Variables for Continuous Deployment

So, a common practice these days is to put connection strings & passwords as environment variables to avoid their being placed into a file. This is all fine and dandy, but I'm not sure how to make this work when trying to set up a continuous deployment workflow with some configuration management tool such as Salt/Ansible or Chef/Puppet.

Specifically, I have the following questions in environments using the above-mentioned configuration management tools:

  1. Where do you store connection strings/passwords/keys separate from codebases?
    • Do you keep those items in a code-repo of some type (git, etc.)?
    • Do you use some structure built-in to your tool?
  2. How do you keep those same items secure?
  3. Do you track changes/back-up these items, and if so, how?
eikonomega asked Jan 09 '14 15:01



1 Answer

In Chef you can

  1. store passwords or API tokens in either encrypted data bags or using chef-vault. They are then decrypted while chef does the provisioning (with encrypted data bags using a shared secret, with chef-vault using the existing PKI of Chef client).
  2. set environment variables when calling external software using the environment parameter of e.g. the execute resource.
  3. Not sure what to write here -- I'd say you don't really manage them. This way you set the variables only for the command that needs it, not e.g. for the whole Chef run.
StephenKing answered Oct 29 '22 00:10
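The pattern the answer describes, shown in plain Ruby rather than Chef DSL (an added example, not part of the answer and not Chef's own code): a secret stays encrypted at rest under a shared secret, is decrypted at run time, and is placed only in the environment of the one command that needs it. `seal`, `unseal`, `run_with_env`, the item layout and `DB_PASSWORD` are hypothetical stand-ins; the layout is simplified and is not Chef's encrypted data bag format.

```ruby
require 'openssl'
require 'base64'
require 'open3'
require 'rbconfig'

# Stand-in for an encrypted item kept in a repo: AES-256-GCM under a key
# derived from a shared secret (simplified layout, an assumption of this example).
def seal(plaintext, shared_secret)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = OpenSSL::Digest::SHA256.digest(shared_secret)
  iv = cipher.random_iv
  cipher.auth_data = ''
  data = cipher.update(plaintext) + cipher.final
  { 'iv'   => Base64.strict_encode64(iv),
    'tag'  => Base64.strict_encode64(cipher.auth_tag),
    'data' => Base64.strict_encode64(data) }
end

# Raises OpenSSL::Cipher::CipherError if the item was altered or the secret is wrong.
def unseal(item, shared_secret)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = OpenSSL::Digest::SHA256.digest(shared_secret)
  cipher.iv = Base64.strict_decode64(item['iv'])
  cipher.auth_tag = Base64.strict_decode64(item['tag'])
  cipher.auth_data = ''
  cipher.update(Base64.strict_decode64(item['data'])) + cipher.final
end

# Run one command with extra variables visible only to that child process;
# the provisioning process's own ENV is left untouched.
def run_with_env(extra_env, *cmd)
  out, status = Open3.capture2(extra_env, *cmd)
  raise "command failed: #{status.exitstatus}" unless status.success?
  out
end

# Constructed sample values.
SHARED_SECRET = 'constructed-shared-secret'
ITEM = seal('s3cr3t-db-password', SHARED_SECRET)

def demo
  password = unseal(ITEM, SHARED_SECRET)
  # The child reports only the length, so the secret never reaches stdout or logs.
  child = run_with_env({ 'DB_PASSWORD' => password },
                       RbConfig.ruby, '-e', 'print ENV["DB_PASSWORD"].length')
  { child_saw_length: child.to_i, parent_has_var: ENV.key?('DB_PASSWORD') }
end
```

Only the sealed item is something you would commit and back up; the shared secret has to reach the node by a separate channel.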