feat: auto-generate JWT secret in Terraform, remove manual variable
parent
b6a94add67
commit
a4944dba4a
3 changed files with 17 additions and 12 deletions
|
|
@ -6,6 +6,10 @@ terraform {
|
||||||
source = "hashicorp/google"
|
source = "hashicorp/google"
|
||||||
version = "~> 5.0"
|
version = "~> 5.0"
|
||||||
}
|
}
|
||||||
|
random = {
|
||||||
|
source = "hashicorp/random"
|
||||||
|
version = "~> 3.0"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -15,6 +19,13 @@ provider "google" {
|
||||||
zone = var.zone
|
zone = var.zone
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# --- Auto-generated secrets ---
|
||||||
|
|
||||||
|
resource "random_password" "jwt_secret" {
|
||||||
|
length = 48
|
||||||
|
special = false
|
||||||
|
}
|
||||||
|
|
||||||
# --- Network ---
|
# --- Network ---
|
||||||
|
|
||||||
resource "google_compute_firewall" "data_analyst" {
|
resource "google_compute_firewall" "data_analyst" {
|
||||||
|
|
@ -69,7 +80,7 @@ locals {
|
||||||
|
|
||||||
echo "=== Creating .env ==="
|
echo "=== Creating .env ==="
|
||||||
cat > "$APP_DIR/.env" << 'ENVEOF'
|
cat > "$APP_DIR/.env" << 'ENVEOF'
|
||||||
JWT_SECRET_KEY=${var.jwt_secret}
|
JWT_SECRET_KEY=${random_password.jwt_secret.result}
|
||||||
DATA_DIR=/data
|
DATA_DIR=/data
|
||||||
DATA_SOURCE=${var.keboola_token != "" ? "keboola" : "local"}
|
DATA_SOURCE=${var.keboola_token != "" ? "keboola" : "local"}
|
||||||
KEBOOLA_STORAGE_TOKEN=${var.keboola_token}
|
KEBOOLA_STORAGE_TOKEN=${var.keboola_token}
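Review bot: `JWT_SECRET_KEY=${random_password.jwt_secret.result}` renders the signing key into the `.env` heredoc inside `locals`, so the key lives in plaintext in Terraform state and in whatever consumes this local. If the local is passed to the instance as a startup script (not visible in this hunk), the key is also readable from instance metadata by anyone who can view the instance and by any process on the VM; fetching it from Secret Manager at boot would keep it out of metadata. At minimum, add `# Value is stored in plaintext in Terraform state; keep the state backend encrypted and access-restricted.` above `resource "random_password" "jwt_secret"`. Also follow the `cat` with `chmod 600 "$APP_DIR/.env"` if the script does not already do so. The heredoc and the `locals` block continue outside the hunk.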
|
||||||
|
|
|
||||||
|
|
@ -1,15 +1,14 @@
|
||||||
# Copy to terraform.tfvars and fill in values
|
# Copy to terraform.tfvars and fill in values
|
||||||
project_id = "your-gcp-project-id"
|
project_id = "kids-ai-data-analysis"
|
||||||
region = "europe-west1"
|
region = "europe-north1"
|
||||||
zone = "europe-west1-b"
|
zone = "europe-north1-a"
|
||||||
machine_type = "e2-small" # 2 vCPU, 2GB RAM, ~$7/mo
|
machine_type = "e2-small" # 2 vCPU, 2GB RAM, ~$7/mo
|
||||||
disk_size_gb = 30
|
disk_size_gb = 30
|
||||||
instance_name = "data-analyst"
|
instance_name = "data-analyst"
|
||||||
ssh_user = "deploy"
|
ssh_user = "deploy"
|
||||||
ssh_public_key_path = "~/.ssh/id_ed25519.pub"
|
ssh_public_key_path = "~/.ssh/id_ed25519.pub"
|
||||||
|
|
||||||
# App secrets
|
# JWT secret is auto-generated by Terraform (random_password)
|
||||||
jwt_secret = "" # Generate: python3 -c "import secrets; print(secrets.token_urlsafe(32))"
|
|
||||||
|
|
||||||
# Keboola (optional — leave empty for sample data)
|
# Keboola (optional — leave empty for sample data)
|
||||||
keboola_token = ""
|
keboola_token = ""
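Review bot: The template now carries what looks like a real project ID, `project_id = "kids-ai-data-analysis"`, plus a specific region and zone, although its header comment says the file is meant to be copied and filled in. Committing environment identifiers in an example discloses the deployment target, and anyone who copies the file unchanged will point at that project by accident. Keep the placeholder, `project_id = "your-gcp-project-id"`, and put real values only in a local `terraform.tfvars` kept out of version control. Existing local `terraform.tfvars` files will still contain the old `jwt_secret` line, so the commit description should tell users to delete it.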
|
||||||
|
|
|
||||||
|
|
@ -45,12 +45,7 @@ variable "ssh_public_key_path" {
|
||||||
default = "~/.ssh/id_ed25519.pub"
|
default = "~/.ssh/id_ed25519.pub"
|
||||||
}
|
}
|
||||||
|
|
||||||
# App config
|
# App config (JWT secret auto-generated by Terraform)
|
||||||
variable "jwt_secret" {
|
|
||||||
description = "JWT secret key (min 32 chars)"
|
|
||||||
type = string
|
|
||||||
sensitive = true
|
|
||||||
}
|
|
||||||
|
|
||||||
variable "keboola_token" {
|
variable "keboola_token" {
|
||||||
description = "Keboola Storage API token"
|
description = "Keboola Storage API token"
|
||||||
|
|
|
||||||