I'm currently using github.com to push and deploy my files. One of these files contains a username and password for an API on a website. Is there a way to upload files to openshift without publicly exposing saved authentication credentials on github? To be more specific, I have a config.js file that has a username and a password and I don't want that to be stored on github, but used on openshift. Do I need to make a database instead?
Is there a better way to deploy node.js apps? I don't have money to spend.
I use winscp to log into my app. Using winscp I then copy my config.ini file, which contains my secret stuff that I don't want on github, to the Openshift data directory. From there my app just loads that file and retrieves the necessary information.
I’m using a hosting website to host my discord bot and my .env stores the token. How does it still work when the file is .gitignored? Because I don’t want people stealing my token and using it for other purposes.
Your initial deployment process on your hosting needs to be more complex than "Pull the application from my Git repository".
For simple applications that generally just means you create the .env file on the hosting manually.
For complex systems (e.g. when you have multiple instances of the application on different servers) you'll generate it from a secure data store as part of a process that involves a deployment tool like Terraform.
You use gitignore and add the .env extension in it to make sure that it does not get pushed to the remote repository on github so that no-one can access those variables. In order to add the .env variables on a hosting website, you need to add the environment variables externally on that hosting site. The method depends entirely on the service provider.
I've created a .env file per the dotenv documentation and placed all my secret API keys inside the file. I've also added these environment variables as config variables to my Heroku instance. As a result, secret API strings are no longer referenced in my source code.
However, I haven't gitignored the .env file since the git repo is set to private and I'm the sole owner of it but I have slugignored the .env file to stop it from being pushed into Heroku.
Is my justification to not gitignore the .env file safe and are the steps I'm taking reasonable and standard practice to protect my secret API strings? If not, how else can I improve upon my setup to improve the security of my web app?
Are the creds in .env the same ones you have on your heroku app?
If so, this is bad.
Someone getting access to your GitHub account could also access the creds in your Heroku app. Look at this Gentoo retrospective where getting their GitHub organization compromised is exactly what happened.
Your .env file should only have local settings. For example, it should call localhost as the database, not your production database URL.
Then, once everything is decoupled from production, this file can safely be checked into your repository. Someone getting access to your code wouldn't be getting any access to your production data.
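The two practices described above (the host supplies the real values as environment variables, and a committed .env holds only local settings) can be sketched as follows. This is an added example, not code from the original posts; the function names, setting names and sample values are all hypothetical.

```javascript
// Added example (not from the original posts). All names here are hypothetical.

// Parse KEY=VALUE lines in .env style; skips blanks and # comments.
function parseDotenv(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 1) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    // Strip one pair of matching surrounding quotes.
    if (/^(["']).*\1$/.test(value)) value = value.slice(1, -1);
    out[key] = value;
  }
  return out;
}

// Host-provided environment variables win; the file is only a local fallback.
function loadConfig(required, env, fileText = '') {
  const merged = { ...parseDotenv(fileText), ...env };
  const missing = required.filter((k) => !merged[k]);
  if (missing.length) throw new Error('Missing settings: ' + missing.join(', '));
  return Object.fromEntries(required.map((k) => [k, merged[k]]));
}

// Flag entries whose value is a URL pointing at a non-local host, i.e.
// something that should not live in a committed .env file.
const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);
function findNonLocalValues(fileText) {
  const flagged = [];
  for (const [key, value] of Object.entries(parseDotenv(fileText))) {
    let host;
    try { host = new URL(value).hostname; } catch { continue; }
    if (host && !LOCAL_HOSTS.has(host)) flagged.push(key);
  }
  return flagged;
}

// Constructed sample input.
const sampleEnv = [
  '# local development only',
  'DATABASE_URL=postgres://dev:dev@localhost:5432/app',
  'CACHE_URL="redis://cache.prod.example.com:6379"',
  'API_TOKEN=dev-placeholder',
].join('\n');
```

In an application, `loadConfig` would be called with `process.env` as the second argument, and `findNonLocalValues` could run in a pre-commit hook or CI step before a .env file is accepted into the repository.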
I need to copy the files from my app service A to my app service B.
To do this I can simply download the A files over FTP to my computer and upload them to B over FTP.
Is there a way to do this ftp download directly from A to B? I tried azure app service console and kudu power shell but I'm getting the following error:
I know that I can clone the entire app service but that's not what I want.
Thanks for the suggestions.
As far as I know, Azure Kudu doesn't support an FTP tool.
Besides, I don't think there's a way to copy files without downloading and re-uploading, at least I found nothing like this in the List of FTP commands and no client I have seen so far supported something like this.
You need to download it first and upload it again.
Here is a workaround: you could use some tools to help you copy files.
These tools will also copy the files to local (in a temp folder) and upload them again.
For example WinSCP FTP client does support the remote copy.
You could just right-click the file after logging in and select the remote copy tag.
If you want to copy files from A to B in Kudu, I suggest you use the git tool to help you copy the files (the entire app service).
For more details, you could refer to the steps below:
1. Generate the git URL in your web service A.
(1) You could first set your deployment username and password.
(2) Enable local git deploy.
(3) Find the web service git URL in the overview.
2. In Kudu, go to the site folder and add the code below:
Notice: you need to delete all the files in the wwwroot folder and add the password after the user name, in the format below:
https://{username}:{password}@xxxxxxxxxxxxxxxx.scm.azurewebsites.net:443/xxxxxxxxxxxxxxx.git
Code:
git clone {git url} wwwroot
Result:
Not sure what exactly you want to achieve and how this is related to programming, but here is a bunch of info that will help you:
Azure Web App Cloning
Backup Azure Web App
Restore Azure Web App
An FTP client can be installed on the app server:
apt-get install ftp
I'd like to check in my .pubxml file in my .net project so my colleagues can also deploy from their local environment. But I don't want to have the password to the database in plain text on GitHub. I have set up master to be automatically deployed in Azure, but sometimes we want to publish manually.
Is there any way to solve this?
Add the .pubxml-files to your .gitignore. You should not post them to GitHub for the reason you mentioned.
All of your colleagues will have to get the .pubxml file somehow so they can do the publish. Either you send the file to them, or they connect to the Azure subscription and get it.
Is there a way with Kudu (or some other means) to retrieve the MySql connection information when I push with Git?
I know I can access it through the portal, but I want to write a build script that generates some files based on the Azure Web Site I'm going to push to. I also am aware of the App Settings, but I don't want duplication there.
I'm deploying a custom built WordPress instance where I want to build the wp-config.php file dynamically and not have it checked in to my repository.
Yes, your connection string is available as an environment setting.
To experiment with custom scripts use kuduexec (http://blog.amitapple.com/post/45675601255/azurewebsiteterminal)
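A build step that generates the database section of wp-config.php from that environment setting could look like the following. This is an added example, not code from the original answer: it assumes the connection string appears in a variable with Azure App Service's `MYSQLCONNSTR_` prefix and uses `Database`, `Data Source`, `User Id` and `Password` keys; the connection name, function names and sample values are hypothetical.

```javascript
// Added example (not from the original answer). Names below are hypothetical;
// the connection-string key names are an assumption about the format.

// Split "Key=Value;Key=Value" into an object with lower-cased keys.
function parseConnectionString(connStr) {
  const parts = {};
  for (const pair of connStr.split(';')) {
    const eq = pair.indexOf('=');
    if (eq < 1) continue;
    parts[pair.slice(0, eq).trim().toLowerCase()] = pair.slice(eq + 1).trim();
  }
  return parts;
}

// Escape a value for a PHP single-quoted string literal, where only
// backslash and single quote are special.
function phpQuote(value) {
  return "'" + String(value).replace(/\\/g, '\\\\').replace(/'/g, "\\'") + "'";
}

// Find the first MySQL connection string in the environment and render the
// database defines of wp-config.php from it.
function renderWpConfig(env) {
  const name = Object.keys(env).find((k) => k.startsWith('MYSQLCONNSTR_'));
  if (!name) throw new Error('No MYSQLCONNSTR_* variable is set');
  const c = parseConnectionString(env[name]);
  const fields = {
    DB_NAME: c['database'],
    DB_USER: c['user id'],
    DB_PASSWORD: c['password'],
    DB_HOST: c['data source'],
  };
  const lines = ['<?php'];
  for (const [key, value] of Object.entries(fields)) {
    if (value === undefined) throw new Error('Connection string lacks ' + key);
    lines.push(`define(${phpQuote(key)}, ${phpQuote(value)});`);
  }
  return lines.join('\n') + '\n';
}

// Constructed sample environment; a deployment script would pass process.env
// and write the returned text to wp-config.php.
const sampleAzureEnv = {
  MYSQLCONNSTR_DefaultConnection:
    "Database=wpdb;Data Source=db.example.com;User Id=wpuser;Password=p'ss\\word",
};
```

Quoting every value through `phpQuote` matters because a password containing a quote or backslash would otherwise break, or inject into, the generated PHP file.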