From b0c7995c560dbc08fc129a7f898c7e5795cc41f6 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Tue, 1 Jun 2021 09:30:16 -0400
Subject: [PATCH] Take the symlink out of git and add instructions about how to
 provide secrets

---
 morph/README.rst                 | 13 +++++++++++++
 morph/grid/production/.gitignore |  1 +
 morph/grid/production/secrets    |  1 -
 morph/grid/testing/.gitignore    |  1 +
 morph/grid/testing/secrets       |  1 -
 5 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 morph/grid/production/.gitignore
 delete mode 120000 morph/grid/production/secrets
 create mode 100644 morph/grid/testing/.gitignore
 delete mode 120000 morph/grid/testing/secrets

diff --git a/morph/README.rst b/morph/README.rst
index d4a89a37..1f48d5e0 100644
--- a/morph/README.rst
+++ b/morph/README.rst
@@ -42,6 +42,19 @@ grid
 
 Specific grid definitions live in subdirectories beneath this directory.
 
+secrets
+~~~~~~~
+
+This must be created and populated before the grid can be built or deployed.
+
+This directory contains all of the secrets necessary to deploy the grid.
+Secrets beneath this directory are referenced by ``config.json`` and ``grid.nix``
+(and possibly elsewhere).
+Some of the paths are configurable and some are just convention.
+This path is **ignored** by git.
+The intended workflow is that the secrets will be maintained on secure storage and a symlink to the correct location created here.
+This keeps the secrets themselves out of the git working tree as an extra protection against unintentionally committing them.
+
 config.json
 ~~~~~~~~~~~
 
diff --git a/morph/grid/production/.gitignore b/morph/grid/production/.gitignore
new file mode 100644
index 00000000..db2fc0de
--- /dev/null
+++ b/morph/grid/production/.gitignore
@@ -0,0 +1 @@
+secrets
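Review bot: The bare pattern `secrets` in this new `.gitignore` is unanchored, so it ignores anything named `secrets` at any depth under `morph/grid/production/`, not only the symlink the README describes; `/secrets` would limit it to that one path. Keep the pattern free of a trailing slash, because git treats a symlink as a file and `secrets/` would not ignore it; a comment such as `# no trailing slash: this must match a symlink as well as a directory` would record that for the next editor. The same applies to `morph/grid/testing/.gitignore`. Because the rule is repeated per grid, a grid directory added later without its own `.gitignore` would leave its `secrets` link committable, and a single `/*/secrets` entry in a `morph/grid/.gitignore` would cover every grid at once.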
diff --git a/morph/grid/production/secrets b/morph/grid/production/secrets
deleted file mode 120000
index 523a2201..00000000
--- a/morph/grid/production/secrets
+++ /dev/null
@@ -1 +0,0 @@
-../../../../PrivateStorageSecrets/
\ No newline at end of file
diff --git a/morph/grid/testing/.gitignore b/morph/grid/testing/.gitignore
new file mode 100644
index 00000000..db2fc0de
--- /dev/null
+++ b/morph/grid/testing/.gitignore
@@ -0,0 +1 @@
+secrets
diff --git a/morph/grid/testing/secrets b/morph/grid/testing/secrets
deleted file mode 120000
index 523a2201..00000000
--- a/morph/grid/testing/secrets
+++ /dev/null
@@ -1 +0,0 @@
-../../../../PrivateStorageSecrets/
\ No newline at end of file
-- 
GitLab