Start using a docker secret for local passwords

commit: 8d9f45ebd57d2d665bac76c9a04e775135265729 [log] [tgz]
author: Nico Huber <nico.h@gmx.de> Tue Jul 25 13:22:32 2023 +0000
committer: Nico Huber <nico.h@gmx.de> Tue Jul 25 16:55:06 2023 +0000
tree: ca4796275bbf9979e161b3da30aa92bfd3e1e462
parent: f4fbab5570580690800658a758bed27702f9f40a [diff] [blame]
diff --git a/TODO.on.site b/TODO.on.site
index 56a0960..da83a0e 100644
--- a/TODO.on.site
+++ b/TODO.on.site

@@ -1,3 +1,8 @@
+Create secret seed:
+We use a single secret seed that internal passwords (e.g.
+robot mail accounts, databases) are derived from.
+* `dd if=/dev/urandom bs=1 count=16 | base 64 >.seed`
+
 Create environment files (cf. `git ls-files \*environment.template`):
 * Set SA_PUBLIC_DOMAIN_NAME in `environment`
 * Set CANONICAL_WEB_URL in `gerrit/environment`
commit	8d9f45ebd57d2d665bac76c9a04e775135265729	[log] [tgz]
author	Nico Huber <nico.h@gmx.de>	Tue Jul 25 13:22:32 2023 +0000
committer	Nico Huber <nico.h@gmx.de>	Tue Jul 25 16:55:06 2023 +0000
tree	ca4796275bbf9979e161b3da30aa92bfd3e1e462
parent	f4fbab5570580690800658a758bed27702f9f40a [diff] [blame]