secrets.yml

Make sure you generate strong passwords for the variables. Recommended to use tools like pwgen

pwgen -s 32 -n 24
# Secrets
SECRET_MYSQL_ROOT_PASSWORD: "SET-ME"
SECRET_COMMON_HTPASSWD_PASS: "SET-ME"
SECRET_COMMON_MONGO_READ_ONLY_PASS: "SET-ME"
SECRET_COMMON_MYSQL_ADMIN_PASS: "SET-ME"
SECRET_COMMON_MYSQL_MIGRATE_PASS: "SET-ME"
SECRET_COMMON_MYSQL_READ_ONLY_PASS: "SET-ME"
SECRET_EDXAPP_CELERY_PASSWORD: "SET-ME"
SECRET_EDXAPP_COMMENTS_SERVICE_KEY: "SET-ME"
SECRET_EDXAPP_MYSQL_CSMH_PASSWORD: "SET-ME"
SECRET_EDXAPP_MYSQL_PASSWORD: "SET-ME"
SECRET_EDXAPP_MYSQL_PASSWORD_ADMIN: "SET-ME"
SECRET_EDXAPP_MYSQL_PASSWORD_READ_ONLY: "SET-ME"
SECRET_FORUM_API_KEY: "SET-ME"
SECRET_MARIADB_CLUSTER_PASSWORD_ADMIN: "SET-ME"
SECRET_MONGO_ADMIN_PASSWORD: "SET-ME"
SECRET_XQUEUE_BASIC_AUTH_PASSWORD: "SET-ME"
SECRET_XQUEUE_BASIC_AUTH_USER: "SET-ME"
SECRET_XQUEUE_MYSQL_PASSWORD: "SET-ME"
SECRET_XQUEUE_RABBITMQ_PASS: "SET-ME"
SECRET_RABBIT_ADMIN_PASSWORD: "SET-ME"
SECRET_EDXAPP_EDXAPP_SECRET_KEY: "SET-ME" 
SECRET_EDXAPP_MONGO_PASSWORD: "SET-ME"
SECRET_FORUM_MONGO_PASSWORD: "SET-ME"
SECRET_EDXAPP_AWS_SECRET_ACCESS_KEY: "SET-ME"

Before uploading this file to GitHub or other repos make sure you encrypt it, you can follow these steps to encrypt the secrets.yml

ENCRYPT SECRETS FILE

in the deployer folder, run following command
ansible-vault encrypt edx-configs/secrets.yml

DECRYPT SECRETS FILE

To decrypt the file you should use the password you entered when you ran the previous command

in the deployer folder, run following command
ansible-vault decrypt edx-configs/secrets.yml

Last updated

Was this helpful?