beatz174-bit
1.3 KiB
1.3 KiB
Deployment Prerequisites
Before running compose operations, provision local secret material.
1) Create non-committed secret env file
cp secrets/.env.secrets.example secrets/stack-secrets.env
chmod 600 secrets/stack-secrets.env
2) Create required Docker secret files
All files below are expected locally and are gitignored:
secrets/nextcloud_db_root_password.txtsecrets/nextcloud_db_password.txtsecrets/nextcloud_admin_password.txtsecrets/nextcloud_smtp_password.txtsecrets/nextcloud_redis_password.txtsecrets/passbolt_db_password.txtsecrets/influxdb_init_password.txtsecrets/prometheus_kuma_basic_auth_password.txt
Recommended permissions:
chmod 600 secrets/*.txt
3) Validate composed configuration
Use the repository composition entrypoint:
./services-up.sh --profile all config
This confirms compose rendering with shared env/network inputs before any runtime operation.
4) Rotate previously committed credentials
If migrating from older states where secrets were committed, rotate upstream values immediately (DB credentials, app passwords, auth keys, and API tokens).