binnes/Node-RED-container-prod

Encryption on environment variable substitution?

Closed this issue · 3 comments

Hi,

I read the tutorials on setting up a production environment for node-red projects. Very interesting stuff!
In the meantime I used some of the techniques described. One of them is using environment variables.
But one question about encryption remains open. You move all env-dependent variables from the flow file to an env.list file.
But secret variables like passwords are no longer encrypted in the env.list, as opposed to the flow credentials file, where you had the possibility to encrypt.
So how would you solve this matter?

Hello,

This workshop assumes you will be deploying the application into a container orchestration platform, similar to a cloud infrastructure. Using a local file is a way to provide a test option without having to use a container orchestration platform, but isn't suitable for production use.

Managing configuration as part of the environment is one of the 12-factor app best practices and most cloud platforms have a mechanism of providing secrets to an application using environment variables or local files on the file system. The cloud platform will provide the mechanism to configure and protect the secrets.

For example, the Kubernetes documentation describes the options for providing secrets as a local file mapped into the container or by setting environment variables inside containers.

Hope this answers the question?

Hi,

Thanks for the quick response. Yes, clear answer. Let's say that for the moment we are only halfway in our project. The container orchestration platform is something we need to figure out in depth. But with your explanation I already got some good clues in which direction to look further.
Thanks

It may be worth looking at Minikube, k3s or the Kubernetes platform included in Docker on Windows or Mac. These are all good options for a local Kubernetes setup - plenty of good tutorials on the net to help you get started.

Going forward you may want to look at the services provided on clouds; they manage the platform for you, but there are often costs involved.
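
Added example, not part of the original thread or the workshop's code: one way to consume secrets that the platform maps into the container as files (the option mentioned in the reply above) while keeping Node-RED's `${VAR}` substitution, by loading each file in a mounted secret directory into the environment. The function name `loadSecretDir`, the directory layout and all sample values are assumptions constructed for illustration.

```javascript
// Added example (not from the workshop repository).
const fs = require("fs");
const os = require("os");
const path = require("path");

// Load each file in a mounted secret directory into an environment variable
// named after the file, so ${NAME} substitution in flows keeps working
// without the value appearing in env.list. Returns the names loaded,
// never the values, so the result is safe to log.
function loadSecretDir(dir, env = process.env) {
  const loaded = [];
  for (const name of fs.readdirSync(dir)) {
    // Kubernetes secret volumes contain bookkeeping entries such as "..data".
    if (name.startsWith(".")) continue;
    // Only accept file names that are valid environment variable names.
    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) continue;
    const file = path.join(dir, name);
    if (!fs.statSync(file).isFile()) continue; // statSync follows symlinks
    // A variable that is already set explicitly wins over the file.
    if (env[name] !== undefined) continue;
    // Strip one trailing newline, as left by `echo` when the secret was created.
    env[name] = fs.readFileSync(file, "utf8").replace(/\r?\n$/, "");
    loaded.push(name);
  }
  return loaded.sort();
}

// Constructed demo: builds a throwaway directory that mimics a secret mount.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "secrets-"));
  fs.writeFileSync(path.join(dir, "MQTT_PASSWORD"), "s3cret-constructed\n", { mode: 0o400 });
  fs.writeFileSync(path.join(dir, "DB_USER"), "from-file");
  fs.writeFileSync(path.join(dir, "bad-name"), "ignored");
  fs.mkdirSync(path.join(dir, "..data"));
  const env = { DB_USER: "from-env" }; // stands in for process.env
  const loaded = loadSecretDir(dir, env);
  fs.rmSync(dir, { recursive: true, force: true });
  return { loaded, env };
}
```

Called near the top of `settings.js` with the path where the secret is mounted, this runs before the flows are started, so only non-secret values need to stay in `env.list`.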