Security

Because your config files contain critical credentials for your database/ssh you should consider some security measures.

Environment

This application will probably run on a dedicated server.

  • Be sure to use long passwords, better to generate them... like 15 characters and mixed symbols, digits, uppercase, lowercase.
  • Use an encrypted home... so if the hardware is stolen it can’t be used.
  • Setup a firewall with minimal access.
  • Setup a firewall on the server where you’ll deploy to!

Encrypted config’s

Main password

There is a main password set in the .config file. With this password the configuration files are encrypted/decrypted...

Please set this password with a strong password generator (and make sure it’s escaped for json)

The config files can be encrypted before you want to push them to some repo. This way you can maintain your deploy setup in git without exposing login credentials and other critical information.

The config files are encrypted with a AES256 encryption. For more technical info see the simple-crypt library. Remember to setup this password on your production server manually, and do not commit this in any repo!

There are 2 commands available to encrypt and decrypt all the config files. It won’t encrypt the config files if it is named as config.json. Only config.crypt.json will be encrypted/decrypted

To encrypt all crypt.json config files:

$ deploy-commander encrypt_config

or process only path...

::
$ deploy-commander encrypt_config:<./config/path>

To decrypt the .json.encrypt config files:

$ deploy-commander decrypt_config

or process only path...

$ deploy-commander decrypt_config:<./config/path>
  • It will only encrypt or decrypt files that needs to be encrypted/decrypted. It might take a while if your configuration is large.