0
我正在使用capistrano作爲基於Laravel的應用程序的部署工具。存儲所有服務器憑證的.env文件是在部署過程中創建的。這裏是構建邏輯(deploy.rb)的概述。Capistrano:爲Laravel存儲數據庫密碼
# config valid only for current version of Capistrano
lock "3.8.1"
set :application, "my_app"
set :repo_url, "[email protected]:me/myapp.git"
set :deploy_to, '/var/www/myapp'
# Environment variables
set :app_path, '/var/www/myapp/current'
set :app_debug, true
set :app_env, 'local'
set :app_key, 'base64:k1IYcD0k8Q59nDOBds0sgPVJye/vy85ovAS8GQecRuI='
set :app_log_level, 'debug'
set :app_url, 'http://localhost'
set :db_connection, 'mysql'
set :db_host, '127.0.0.1'
set :db_port, '3306'
set :db_name, 'my_db_name'
set :db_user, 'my_db_user'
set :db_password, 'mypassword'
set :keep_releases, 3
# Do composer install
namespace :composer do
desc "Running Composer install ..."
task :install do
on roles(:app) do
within release_path do
execute :composer, "install --no-dev"
execute :composer, "dumpautoload"
end
end
end
end
# Do database migrations
namespace :database do
desc "Running database migrations ..."
task :migrate do
on roles(:app) do
execute "php #{fetch(:app_path)}/artisan migrate"
end
end
end
# Create .env file
namespace :environment do
desc "Setting up environment variables ..."
task :set_variables do
on roles(:app) do
puts ("Creating environment configuration file...")
execute "cat /dev/null > #{fetch(:app_path)}/.env"
execute "echo APP_NAME=#{fetch(:application)} >> #{fetch(:app_path)}/.env"
execute "echo APP_ENV=#{fetch(:app_env)} >> #{fetch(:app_path)}/.env"
execute "echo APP_KEY=#{fetch(:app_key)} >> #{fetch(:app_path)}/.env"
execute "echo APP_DEBUG=#{fetch(:app_debug)} >> #{fetch(:app_path)}/.env"
execute "echo APP_LOG_LEVEL=#{fetch(:app_log_level)} >> #{fetch(:app_path)}/.env"
execute "echo APP_URL=#{fetch(:app_url)} >> #{fetch(:app_path)}/.env"
execute "echo DB_CONNECTION=#{fetch(:db_connection)} >> #{fetch(:app_path)}/.env"
execute "echo DB_HOST=#{fetch(:db_host)} >> #{fetch(:app_path)}/.env"
execute "echo DB_PORT=#{fetch(:db_port)} >> #{fetch(:app_path)}/.env"
execute "echo DB_DATABASE=#{fetch(:db_name)} >> #{fetch(:app_path)}/.env"
execute "echo DB_USERNAME=#{fetch(:db_user)} >> #{fetch(:app_path)}/.env"
execute "echo DB_PASSWORD=#{fetch(:db_password)} >> #{fetch(:app_path)}/.env"
end
end
task :set_permissions do
on roles(:app) do
puts ("Set directory permissions to writtable...")
execute "chmod -R 777 #{fetch(:app_path)}/storage"
execute "chmod -R 777 #{fetch(:app_path)}/bootstrap/cache"
end
end
end
namespace :deploy do
after :updated, "composer:install"
after :finished, "environment:set_variables"
after :finished, "environment:set_permissions"
after :finished, "database:migrate"
end
正如您所見,數據庫密碼存儲在文件本身中,這不是一種安全的方式。如何保持密碼分開?我是卡皮斯特拉諾和紅寶石的新手。