feat: auto-generate JWT secret in Terraform, remove manual variable
parent
b6a94add67
commit
a4944dba4a
3 changed files with 17 additions and 12 deletions
|
|
@ -6,6 +6,10 @@ terraform {
|
|||
source = "hashicorp/google"
|
||||
version = "~> 5.0"
|
||||
}
|
||||
random = {
|
||||
source = "hashicorp/random"
|
||||
version = "~> 3.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -15,6 +19,13 @@ provider "google" {
|
|||
zone = var.zone
|
||||
}
|
||||
|
||||
# --- Auto-generated secrets ---
|
||||
|
||||
resource "random_password" "jwt_secret" {
|
||||
length = 48
|
||||
special = false
|
||||
}
|
||||
|
||||
# --- Network ---
|
||||
|
||||
resource "google_compute_firewall" "data_analyst" {
|
||||
|
|
@ -69,7 +80,7 @@ locals {
|
|||
|
||||
echo "=== Creating .env ==="
|
||||
cat > "$APP_DIR/.env" << 'ENVEOF'
|
||||
JWT_SECRET_KEY=${var.jwt_secret}
|
||||
JWT_SECRET_KEY=${random_password.jwt_secret.result}
|
||||
DATA_DIR=/data
|
||||
DATA_SOURCE=${var.keboola_token != "" ? "keboola" : "local"}
|
||||
KEBOOLA_STORAGE_TOKEN=${var.keboola_token}
|
||||
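Review bot: `random_password.jwt_secret.result` is interpolated directly into the `.env` heredoc inside `locals`, so the JWT signing key is rendered into whatever consumes that script. If the script is passed to the VM as its startup script (not visible in these hunks), the key is readable from instance metadata by any principal allowed to view the instance and by any process on the VM. `random_password` also keeps its result in Terraform state in plaintext, so the state backend needs encryption and tight access control now that Terraform is the source of the key. Consider having the VM fetch the key from a secret store at boot instead of templating it, and at minimum add a comment above the resource such as `# result is stored in tfstate and rendered into the startup script; treat both as secret`. The `locals` block and the heredoc continue outside the hunk, so whether `.env` is later restricted (for example with `chmod 600`) cannot be confirmed from here.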
|
|
|
|||
|
|
@ -1,15 +1,14 @@
|
|||
# Copy to terraform.tfvars and fill in values
|
||||
project_id = "your-gcp-project-id"
|
||||
region = "europe-west1"
|
||||
zone = "europe-west1-b"
|
||||
project_id = "kids-ai-data-analysis"
|
||||
region = "europe-north1"
|
||||
zone = "europe-north1-a"
|
||||
machine_type = "e2-small" # 2 vCPU, 2GB RAM, ~$7/mo
|
||||
disk_size_gb = 30
|
||||
instance_name = "data-analyst"
|
||||
ssh_user = "deploy"
|
||||
ssh_public_key_path = "~/.ssh/id_ed25519.pub"
|
||||
|
||||
# App secrets
|
||||
jwt_secret = "" # Generate: python3 -c "import secrets; print(secrets.token_urlsafe(32))"
|
||||
# JWT secret is auto-generated by Terraform (random_password)
|
||||
|
||||
# Keboola (optional — leave empty for sample data)
|
||||
keboola_token = ""
|
||||
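Review bot: The placeholder `project_id = "your-gcp-project-id"` appears to have been replaced by a concrete project id (`kids-ai-data-analysis`) and a specific region and zone, although the file header still says to copy the file and fill in values. A real project identifier in a committed example discloses the deployment target and makes it easy for someone copying the file to apply against the wrong project. Keep the placeholder line `project_id = "your-gcp-project-id"` in the template and put real values only in the local `terraform.tfvars`, which should stay out of version control. Which side is old and which is new is inferred from print order here, because the rendered page lost its `+`/`-` markers.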
|
|
|
|||
|
|
@ -45,12 +45,7 @@ variable "ssh_public_key_path" {
|
|||
default = "~/.ssh/id_ed25519.pub"
|
||||
}
|
||||
|
||||
# App config
|
||||
variable "jwt_secret" {
|
||||
description = "JWT secret key (min 32 chars)"
|
||||
type = string
|
||||
sensitive = true
|
||||
}
|
||||
# App config (JWT secret auto-generated by Terraform)
|
||||
|
||||
variable "keboola_token" {
|
||||
description = "Keboola Storage API token"
|
||||
|
|
|
|||