8ec4d40b6a
- dev is local laptop - unstable (or sandbox) is latest cut of main (or for experiments) - staging is stable tagged releases
1.6 KiB
Operations
========================
Authenticating
You'll need the Cloud Foundry CLI.
We use the V7 Cloud Foundry CLI.
cf login -a api.fr.cloud.gov --sso
After authenticating, make sure you are targeting the correct org and space!
cf spaces
cf target -o <ORG> -s <SPACE>
Rotating Environment Secrets
Secrets were originally created with:
cf cups getgov-credentials -p credentials-<ENVIRONMENT>.json
Where credentials-<ENVIRONMENT>.json looks like:
{
"DJANGO_SECRET_KEY": "EXAMPLE",
...
}
You can see the current environment with cf env <APP>, for example cf env getgov-unstable.
The command cups stands for create user provided service. User provided services are the way currently recommended by Cloud.gov for deploying secrets. The user provided service is bound to the application in manifest-<ENVIRONMENT>.json.
To rotate secrets, create a new credentials-<ENVIRONMENT>.json file, upload it, then restage the app.
Example:
cf uups getgov-credentials -p credentials-unstable.json
cf restage getgov-unstable --strategy rolling
Non-secret environment variables can be declared in manifest-<ENVIRONMENT>.json directly.
Database
In sandbox, created with cf create-service aws-rds micro-psql getgov-database.
Binding the database in manifest-<ENVIRONMENT>.json automatically inserts the connection string into the environment as DATABASE_URL.