1.3 KiB · text 5af55d9
# Example app-level secret for the git_gud deployment.
#
# Postgres credentials are NOT in here — they're managed by StackGres
# and pulled from the `postgres` secret in the namespace (see pg.yml).
# This file carries the application's own secrets only.
#
# Generate the secret_key_base with:
#
# mix phx.gen.secret
#
# Or, if you don't have Mix on the host:
#
# openssl rand -base64 64 | tr -d '\n'
#
# Don't commit the populated copy — `app-secrets.yml` and `*.secret.yml`
# are gitignored.
apiVersion: v1
kind: Secret
metadata:
name: elixir-args
namespace: git-gud
type: Opaque
stringData:
# `mix phx.gen.secret` output. 64+ bytes of base64 entropy.
secret_key_base: "REPLACE_ME_with_64_bytes_of_base64_entropy_from_mix_phx_gen_secret"
# Erlang distribution cookie — every replica must agree so the nodes
# can authenticate each other before clustering. Any 32+ char random
# string works:
#
# openssl rand -hex 32
#
erlang_cookie: "REPLACE_ME_with_a_long_random_string"
# Bearer token gate on the zot push/delete webhook (POST /_webhooks/zot).
# Leave empty to disable the gate entirely (only OK in trusted-network
# deploys); zot's `Authorization: Bearer <value>` must match this.
zot_webhook_secret: "REPLACE_ME_with_a_long_random_string"