feat: deploy bankless.community to cloudflare pages #26
Conversation
There was a problem hiding this comment.
We need to delete and rotate the secrets committed. This is a public repo, but this is bad practice even in private repos.
As @mklebrasseur said
Secrets should not be provided in the repo, they should be placed within the BanklessDAO Bitwarden and then InfoSec will add them as secret ENV's. You can reference them in this project as variables and expect that Terraform Cloud will fill them in.
Example
variable "alchemy_api_key" { sensitive = true }
|
@BogDrakonov @mklebrasseur For now, the API keys are associated with my personal accounts - to solve the current API key leak. In the future, I think it would be appropriate to create dedicated BanklessDAO accounts and generate the API keys from them instead of my personal accounts. The credentials for these dedicated accounts could be stored in Bitwarden and shared as needed.
|
|
Hello @BogDrakonov @mklebrasseur How'd it go? Have you successfully added the secrets to the Terraform cloud? |
Completed, requested the move of the variables to the variables file. Other than that it's good to go! |
|
@BogDrakonov I'd like to get this deployed and the domain switched over before the end of October so I don't need to seek reimbursement for Vercel hosting in November. |
|
I'm sorry we didn't catch this earlier, but do you mind opening a PR as a feature branch on this repo? Opening a PR from an external repo doesn't trigger a Terraform plan so we can't validate the result and merge it. Do you mind opening a PR from within this repo? All BanklessDAO GH members have write access to the repo |
|
Superseded by #27 |
Purpose
This PR deploys the BanklessDAO Website to Cloudflare Pages.
Changes