delete todos
This commit is contained in:
Deeman
76
todo.md
76
todo.md
@@ -1,76 +0,0 @@
|
|||||||
|
|
||||||
● Based on the infrastructure we built, here are the exact tasks to set up secrets in
|
|
||||||
Pulumi ESC:
|
|
||||||
|
|
||||||
1. Install Pulumi ESC CLI
|
|
||||||
|
|
||||||
curl -fsSL https://get.pulumi.com/esc/install.sh | sh
|
|
||||||
export PATH="$HOME/.pulumi/bin:$PATH"
|
|
||||||
|
|
||||||
2. Login to Pulumi
|
|
||||||
|
|
||||||
esc login
|
|
||||||
|
|
||||||
This will open a browser for authentication. You'll get a PULUMI_ACCESS_TOKEN - save
|
|
||||||
this for GitLab CI.
|
|
||||||
|
|
||||||
3. Create Production Environment
|
|
||||||
|
|
||||||
esc env init <your-org>/prod
|
|
||||||
|
|
||||||
Replace <your-org> with your Pulumi organization name.
|
|
||||||
|
|
||||||
4. Set All Required Secrets
|
|
||||||
|
|
||||||
# SSH Keys
|
|
||||||
esc env set <your-org>/prod SSH_PUBLIC_KEY "ssh-rsa AAAA..."
|
|
||||||
esc env set <your-org>/prod SSH_PRIVATE_KEY_PATH "/path/to/private/key"
|
|
||||||
|
|
||||||
# Hetzner
|
|
||||||
esc env set <your-org>/prod HETZNER_API_TOKEN "your-hetzner-token"
|
|
||||||
|
|
||||||
# Cloudflare R2 (for artifact storage)
|
|
||||||
esc env set <your-org>/prod R2_ACCESS_KEY_ID "your-r2-access-key"
|
|
||||||
esc env set <your-org>/prod R2_SECRET_ACCESS_KEY "your-r2-secret-key"
|
|
||||||
esc env set <your-org>/prod R2_ENDPOINT "account-id.r2.cloudflarestorage.com"
|
|
||||||
esc env set <your-org>/prod R2_ARTIFACTS_BUCKET "materia-artifacts"
|
|
||||||
|
|
||||||
# Cloudflare R2 Data Catalog (for Iceberg)
|
|
||||||
esc env set <your-org>/prod CLOUDFLARE_API_TOKEN "your-cf-api-token"
|
|
||||||
esc env set <your-org>/prod ICEBERG_REST_URI "https://api.cloudflare.com/client/v4/acco
|
|
||||||
unts/YOUR_ACCOUNT_ID/r2/buckets/YOUR_WAREHOUSE_BUCKET/iceberg"
|
|
||||||
esc env set <your-org>/prod R2_WAREHOUSE_NAME "materia"
|
|
||||||
|
|
||||||
5. Verify Secrets
|
|
||||||
|
|
||||||
esc env open <your-org>/prod --format shell
|
|
||||||
|
|
||||||
This shows all secrets as environment variables. You should see all the keys listed
|
|
||||||
above.
|
|
||||||
|
|
||||||
6. Test Locally
|
|
||||||
|
|
||||||
eval $(esc env open <your-org>/prod --format shell)
|
|
||||||
materia secrets list
|
|
||||||
materia secrets test
|
|
||||||
|
|
||||||
7. Configure GitLab CI
|
|
||||||
|
|
||||||
In your GitLab project settings → CI/CD → Variables, add:
|
|
||||||
|
|
||||||
- Key: PULUMI_ACCESS_TOKEN
|
|
||||||
- Value: (the token from step 2)
|
|
||||||
- Protected: Yes
|
|
||||||
- Masked: Yes
|
|
||||||
|
|
||||||
That's it! The CI/CD pipeline and materia CLI will automatically pull all other secrets
|
|
||||||
from ESC.
|
|
||||||
|
|
||||||
Where to Get Each Secret
|
|
||||||
|
|
||||||
- SSH Keys: Generate with ssh-keygen -t rsa -b 4096
|
|
||||||
- Hetzner API Token: https://console.hetzner.cloud/ → Project → Security → API Tokens
|
|
||||||
- R2 Credentials: Cloudflare Dashboard → R2 → Manage R2 API Tokens
|
|
||||||
- Cloudflare API Token: Cloudflare Dashboard → My Profile → API Tokens (needs R2
|
|
||||||
permissions)
|
|
||||||
- Iceberg REST URI: Format shown above - get account ID from Cloudflare dashboard URL
|
|
||||||
|
|||||||
Reference in New Issue
Block a user