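Capistrano: Storing database passwords for Laravel

Time: 2017-04-27 06:13:40

Tags: laravel capistrano capistrano3

I use Capistrano as the deployment tool for a Laravel-based application. The .env file that stores all the server credentials is created during deployment. Below is an overview of the build logic (deploy.rb).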

# config valid only for current version of Capistrano
lock "3.8.1"

set :application, "my_app"
set :repo_url, "git@bitbucket.org:me/myapp.git"
set :deploy_to, '/var/www/myapp'

# Environment variables
set :app_path, '/var/www/myapp/current'
set :app_debug, true
set :app_env, 'local'
set :app_key, 'base64:k1IYcD0k8Q59nDOBds0sgPVJye/vy85ovAS8GQecRuI='
set :app_log_level, 'debug'
set :app_url, 'http://localhost'

set :db_connection, 'mysql'
set :db_host, '127.0.0.1'
set :db_port, '3306'
set :db_name, 'my_db_name'
set :db_user, 'my_db_user'
set :db_password, 'mypassword'

set :keep_releases, 3

# Do composer install
namespace :composer do
    desc "Running Composer install ..."
    task :install do
        on roles(:app) do
            within release_path do
                execute :composer, "install --no-dev"
                execute :composer, "dumpautoload"
            end
        end
    end
end

# Do database migrations
namespace :database do
    desc "Running database migrations ..."
    task :migrate do
        on roles(:app) do
            execute "php #{fetch(:app_path)}/artisan migrate"
        end
    end
end

# Create .env file
namespace :environment do
    desc "Setting up environment variables ..."
    task :set_variables do
        on roles(:app) do
              puts ("Creating environment configuration file...")
              execute "cat /dev/null > #{fetch(:app_path)}/.env"

              execute "echo APP_NAME=#{fetch(:application)} >> #{fetch(:app_path)}/.env"
              execute "echo APP_ENV=#{fetch(:app_env)} >> #{fetch(:app_path)}/.env"
              execute "echo APP_KEY=#{fetch(:app_key)} >> #{fetch(:app_path)}/.env"
              execute "echo APP_DEBUG=#{fetch(:app_debug)} >> #{fetch(:app_path)}/.env"
              execute "echo APP_LOG_LEVEL=#{fetch(:app_log_level)} >> #{fetch(:app_path)}/.env"
              execute "echo APP_URL=#{fetch(:app_url)} >> #{fetch(:app_path)}/.env"

              execute "echo DB_CONNECTION=#{fetch(:db_connection)} >> #{fetch(:app_path)}/.env"
              execute "echo DB_HOST=#{fetch(:db_host)} >> #{fetch(:app_path)}/.env"
              execute "echo DB_PORT=#{fetch(:db_port)} >> #{fetch(:app_path)}/.env"
              execute "echo DB_DATABASE=#{fetch(:db_name)} >> #{fetch(:app_path)}/.env"
              execute "echo DB_USERNAME=#{fetch(:db_user)} >> #{fetch(:app_path)}/.env"
              execute "echo DB_PASSWORD=#{fetch(:db_password)} >> #{fetch(:app_path)}/.env"
        end
    end

    task :set_permissions do
        on roles(:app) do
            puts ("Set directory permissions to writable...")
            execute "chmod -R 777 #{fetch(:app_path)}/storage"
            execute "chmod -R 777 #{fetch(:app_path)}/bootstrap/cache"
        end
    end
end

namespace :deploy do
  after :updated, "composer:install"
  after :finished, "environment:set_variables"
  after :finished, "environment:set_permissions"
  after :finished, "database:migrate"
end  

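As you can see, the database password is stored in the file itself, which is not a secure approach. How can I keep the password separate? I am new to Capistrano and Ruby.

1 answer:

Answer 0: (score: 0)

There are a few mechanisms you can use.

The first one I would consider is using linked_files. Something like

append :linked_files, '.env'

in config/deploy.rb will cause that file in the deploy directory to be linked to shared/config/deploy.rb outside the deploy directory. You can set that file up manually and then have Capistrano link to it on deploy.

Second, you can add environment variables to the system and simply read them, skipping the .env file entirely.

Finally, you can create a new YAML file in the repository, gitignore it as well, and then read it to get the passwords. This will work because the logic that reads the Capistrano configuration runs locally on the deploying machine.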
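
The second and third mechanisms from the answer, combined in one loader. This is an added example, not code from the original post or from Capistrano. The file name config/secrets.yml, the helper names load_secrets and render_dotenv, the remote_env_path variable in the usage comment, and the assumption that the .env parser accepts double-quoted values with backslash escapes are all hypothetical.

```ruby
require 'yaml'

# Values that must not be hard-coded in deploy.rb (key names from the question).
SECRET_KEYS = %w[APP_KEY DB_PASSWORD].freeze

# Resolve each secret on the machine that runs `cap`: an environment variable
# wins, a git-ignored YAML file is the fallback. Raise rather than deploy with
# a blank credential.
def load_secrets(env: ENV, yaml_path: 'config/secrets.yml', keys: SECRET_KEYS)
  from_file = File.exist?(yaml_path) ? (YAML.safe_load(File.read(yaml_path)) || {}) : {}
  keys.each_with_object({}) do |key, out|
    value = env[key] || from_file[key]
    raise KeyError, "secret #{key} not set in ENV or #{yaml_path}" if value.to_s.empty?
    out[key] = value.to_s
  end
end

# Render KEY="value" lines. Values are double-quoted with backslashes and
# quotes escaped, so a password containing spaces or '#' is not cut short
# (assumes the .env parser supports this quoting).
def render_dotenv(vars)
  vars.map do |key, value|
    escaped = value.to_s.gsub(/[\\"]/) { |c| "\\#{c}" }
    %(#{key}="#{escaped}"\n)
  end.join
end

# Assumed usage inside a Capistrano task (SSHKit's upload! accepts an IO), so
# the secret is sent as file content instead of appearing in an `echo` command:
#   on roles(:app) do
#     upload! StringIO.new(render_dotenv(load_secrets)), remote_env_path
#     execute :chmod, '600', remote_env_path
#   end
```

Add config/secrets.yml to .gitignore before creating it, so the file never enters the repository history.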