019c79b898
- Renamed auth-service to iam-service across various files for consistency. - Updated deployment workflows, database migration scripts, and documentation to reflect the service name change. - Enhanced bilingual documentation for clarity on the new service structure and usage. - Removed outdated references to auth-service in scripts and configuration files to streamline the project structure.
35 lines
1.3 KiB
Plaintext
35 lines
1.3 KiB
Plaintext
# Kubernetes Secrets Template for Production
|
|
# DO NOT commit actual secrets to Git
|
|
# Use this as a template to create secrets
|
|
|
|
# Create secret using kubectl:
|
|
# kubectl create secret generic iam-service-secrets \
|
|
# --from-literal=database-url='postgresql://user:pass@ep-xxx.region.neon.tech/dbname?sslmode=require&pgbouncer=true' \
|
|
# --from-literal=jwt-secret='your-production-jwt-secret-min-32-chars' \
|
|
# --from-literal=jwt-refresh-secret='your-production-refresh-secret-min-32-chars' \
|
|
# --from-literal=redis-password='' \
|
|
# -n production
|
|
|
|
# Or use GitHub Secrets in CI/CD:
|
|
# - NEON_DATABASE_URL_PRODUCTION
|
|
# - JWT_SECRET_PRODUCTION
|
|
# - JWT_REFRESH_SECRET_PRODUCTION
|
|
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: iam-service-secrets
|
|
namespace: production
|
|
type: Opaque
|
|
stringData:
|
|
# Neon Database URL (Production branch)
|
|
# Format: postgresql://user:password@ep-xxx.region.neon.tech/dbname?sslmode=require&pgbouncer=true
|
|
database-url: "postgresql://user:password@ep-xxx.region.neon.tech/dbname?sslmode=require&pgbouncer=true"
|
|
|
|
# JWT Secrets (use strong random strings, min 32 characters)
|
|
jwt-secret: "your-production-jwt-secret-min-32-chars"
|
|
jwt-refresh-secret: "your-production-refresh-secret-min-32-chars"
|
|
|
|
# Redis (if password protected)
|
|
redis-password: ""
|