git
8bed8fdcb2
new file: DEPLOYMENT.md new file: SECURITY_SECRETS_INVENTORY.md new file: secrets/.env.secrets.example
1.7 KiB
1.7 KiB
Credential Inventory (apps/, core/, monitoring/)
apps/
apps/nextcloud/docker-compose.ymlMYSQL_PASSWORD(nextcloud-webapp) ->MYSQL_PASSWORD_FILE+ Docker secret.SMTP_PASSWORD->SMTP_PASSWORD_FILE+ Docker secret.REDIS_HOST_PASSWORD->REDIS_HOST_PASSWORD_FILE+ Docker secret.MYSQL_ROOT_PASSWORD,MYSQL_PASSWORD,NEXTCLOUD_ADMIN_PASSWORD(nextcloud-db) ->_FILEvariants + Docker secrets.- Redis
--requirepassinline value -> read from Docker secret at runtime.
apps/passbolt/docker-compose.ymlMYSQL_PASSWORD,DATASOURCES_DEFAULT_PASSWORD->_FILEvariants + Docker secret.
apps/gramps/docker-compose.ymlPOSTGRES_PASSWORD->POSTGRES_PASSWORD_FILE+ Docker secret.DB_URIpassword +INITIAL_ADMIN_PASSWORD-> env references from non-committed secrets env file.
core/
core/authelia/configuration.ymlidentity_validation.reset_password.jwt_secret->${AUTHELIA_JWT_SECRET}.session.secret->${AUTHELIA_SESSION_SECRET}.storage.encryption_key->${AUTHELIA_STORAGE_ENCRYPTION_KEY}.
core/traefik/dynamic.ymlcrowdsecLapiKey->${CROWDSEC_LAPI_KEY}.
monitoring/
monitoring/gotify/docker-compose.ymlGOTIFY_DEFAULTUSER_PASS->${GOTIFY_DEFAULTUSER_PASS}from non-committed secrets env file.
monitoring/prometheus/docker-compose.ymlDOCKER_INFLUXDB_INIT_PASSWORD->DOCKER_INFLUXDB_INIT_PASSWORD_FILE+ Docker secret.PIHOLE_PASSWORD->${PIHOLE_PASSWORD}from non-committed secrets env file.
monitoring/prometheus/prometheus.yml- Uptime Kuma basic_auth
password->password_filemounted from non-committed secret file.
- Uptime Kuma basic_auth