Florian Sesser authored
Deployment Secrets
Deploying PrivateStorageio requires certain secrets. For the localdev grid these secrets are kept in this (public) directory. This is intended to help make it as easy as possible to launch a local deployment. It also serves as an example of what secrets are required for any other deployment.
You can find more information about some of these secrets in ops/generating-keys.rst.
deploy_key
This SSH private key authenticates CD and authorizes triggering a deployment update on the deployment hosts.
The corresponding SSH public key is kept in the public-keys location.
grafana-admin.password
This is the initial admin password for the Grafana web admin on the monitoring host.
grafana-slack-url
This file is read by Grafana's systemd service to set an environment variable with a secret Slack WebHook URL to post alerts to. The only line in the file should be the secret URL. Use the URL from this 1Password entry or get a new secret URL for your Slack channel at https://www.slack.com/apps/A0F7XDUAZ.
stripe.secret
This is the Stripe secret key which the payment server uses to finalize payment processing using Stripe.
The corresponding Stripe public key is kept in the public-keys location.
ristretto.signing-key
This is the Ristretto-group private key used by the ZKAP issuer.
monitoringvpn
This directory holds WireGuard private keys for each of the hosts so they can participate in the deployment VPN.
The corresponding public keys are kept in the public-keys location.
payments-localdev-ssl
This secret is only present for the localdev grid. It contains a TLS certificate and private key for the payment server. Other deployments will automatically generate a key and obtain a certificate from Let's Encrypt.