add option DRONE_DATABASE_SECRET to enable secrets encryption in db
All checks were successful
continuous-integration/drone/push Build is passing

This commit is contained in:
Robert Kaussow 2021-01-14 11:26:06 +01:00
parent a8939e3c83
commit 4de260c357
No known key found for this signature in database
GPG Key ID: 65362AE74AF98B61
2 changed files with 11 additions and 0 deletions

View File

@ -63,6 +63,14 @@ droneci_db_password: secure
droneci_db_ssl_mode: disable droneci_db_ssl_mode: disable
# @var droneci_db_secret:description: >
# Drone supports aesgcm encryption of secrets stored in the database. You must enable encryption
# before any secrets are stored in the database! You can generate an encryption key with e.g.
# `openssl rand -hex 16`.
# @end
# @var droneci_db_secret: $ "_unset_"
# @var droneci_db_secret:example: $ "0c549fd39ae397333761d2cb0c53c219"
# @var droneci_scm_provider:description: SCM provider to use with Drone (gitea|github) # @var droneci_scm_provider:description: SCM provider to use with Drone (gitea|github)
droneci_scm_provider: none droneci_scm_provider: none

View File

@ -48,6 +48,9 @@ services:
- DRONE_DATADOG_ENDPOINT=dummy - DRONE_DATADOG_ENDPOINT=dummy
- DRONE_DATADOG_TOKEN=dummy - DRONE_DATADOG_TOKEN=dummy
- DRONE_PROMETHEUS_ANONYMOUS_ACCESS={{ droneci_prometheus_anonymous_access | bool | lower }} - DRONE_PROMETHEUS_ANONYMOUS_ACCESS={{ droneci_prometheus_anonymous_access | bool | lower }}
{% if droneci_db_secret is defined %}
- DRONE_DATABASE_SECRET={{ droneci_db_secret }}
{% endif %}
{% if droneci_db_type == "pgsql" %} {% if droneci_db_type == "pgsql" %}
- DRONE_DATABASE_DRIVER=postgres - DRONE_DATABASE_DRIVER=postgres
- DRONE_DATABASE_DATASOURCE=postgres://{{ droneci_db_user }}:{{ droneci_db_password }}@{{ droneci_db_server }}/{{ droneci_db_name }}?sslmode={{ droneci_db_ssl_mode }} - DRONE_DATABASE_DATASOURCE=postgres://{{ droneci_db_user }}:{{ droneci_db_password }}@{{ droneci_db_server }}/{{ droneci_db_name }}?sslmode={{ droneci_db_ssl_mode }}