freerange/google-drive-backup

Avoid baking credentials into Docker image filesystem

Closed this issue · 3 comments

E.g. consider using AWS Secrets Manager to make credentials available to the container as env vars only at runtime.

This commit moved the AWS credentials out of the Docker image by making use of an IAM role. However, the Google Drive credentials are still baked into the Docker image.

Move the Google Drive service account credentials JSON into AWS Secrets Manager and make them available via the RCLONE_DRIVE_SERVICE_ACCOUNT_CREDENTIALS env var. See this documentation. Cf. https://github.com/freerange/heroku-database-backup/commit/26530800eaeb22ee84756ff6b66b0d8980b0cc41.

Fixed in these commits. Closing.
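
The runtime injection discussed in this thread, sketched as a container entrypoint. This is an added example, not code from this repository or its commits. It assumes the secret holds the raw service account JSON as its SecretString, that the AWS CLI is present in the image, and that the container runs under an IAM role allowed to read the secret; `DRIVE_SECRET_ID` and `RUN_BACKUP` are hypothetical variable names.

```shell
#!/bin/sh
# Added example: load the Google Drive service account JSON at container
# start so that it never exists in an image layer.
# DRIVE_SECRET_ID and RUN_BACKUP are hypothetical names (assumptions).

# Read the secret string using the container's IAM role.
fetch_secret() {
  aws secretsmanager get-secret-value \
    --secret-id "$1" --query SecretString --output text
}

# Export the credentials for rclone. Fails closed: any missing, unreadable
# or unexpected value returns non-zero and exports nothing.
load_drive_credentials() {
  [ -n "${DRIVE_SECRET_ID:-}" ] || {
    echo "DRIVE_SECRET_ID is not set" >&2
    return 1
  }
  creds="$(fetch_secret "$DRIVE_SECRET_ID")" || {
    echo "could not read secret $DRIVE_SECRET_ID" >&2
    return 1
  }
  # Sanity check only: a service account key declares its type.
  case "$creds" in
    *'"type"'*'"service_account"'*) ;;
    *)
      echo "secret $DRIVE_SECRET_ID is not a service account key" >&2
      return 1
      ;;
  esac
  # Do not leave rclone pointed at a credentials file on the image filesystem.
  unset RCLONE_DRIVE_SERVICE_ACCOUNT_FILE
  RCLONE_DRIVE_SERVICE_ACCOUNT_CREDENTIALS="$creds"
  export RCLONE_DRIVE_SERVICE_ACCOUNT_CREDENTIALS
}

# Entrypoint mode: RUN_BACKUP=1 entrypoint.sh <rclone arguments>
if [ "${RUN_BACKUP:-}" = "1" ]; then
  load_drive_credentials || exit 1
  exec rclone "$@"
fi
```

The value is never echoed or written to disk; avoid `set -x` in this script, since tracing would print the key to the container logs.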