so… In my Redwood project I am consuming the GoogleApi with a private key that is stored in a JSON file in my repo (google-key.json). This file is - of course - in my .gitignore. One of my services on the api side is importing this file and using its values.
Now, when I am deploying to my baremetal server, the secret is not transmitted.
Current workaround:
1. I deploy with yarn rw deploy baremetal production
2. I rsync my secret file to the /var/www/app directory
3. I cp google-key.json to the correct location in the ./current/ directory.
Of course this is not sustainable. Therefore I want to ask around how you would solve this issue.
Can you not use a .env file with this project (or don’t want to)? What I would do is keep that key in .env and use it on the api side with something like process.env.GOOGLE_API_KEY. Now log into the server and add that same value to the .env file on the server. On the next deploy, the .env file on the server is symlinked into the newly deployed directory, and the app will have access to all of those values.
If you can’t do that for whatever reason, that’s where the lifecycle events come into play: you can insert your own command before/after any of the existing steps in the deploy and do whatever you want. These commands are all executed on the server, however…I’m trying to think of a way to get some data from the client into them before they’re executed. I don’t think the deploy.toml file is run through any kind of string replacement before being run, so you can’t just insert a ${fs.readSync('google-key.json')} and have the value show up. But, you could do something similar to how the .env file works: manually add google-key.json to the server, in the root directory of your app (the one with all the timestamp directory deploys) and then add a lifecycle event that copies the file from there to the deploy directory:
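An added example for the .env approach suggested in the reply above (it is not the lifecycle-event snippet, and not code from either poster or from Redwood): when the credential is a whole service-account JSON file rather than a single string, the file can be base64-encoded into one .env value and decoded and validated on the api side. The variable name GOOGLE_KEY_JSON_B64 and the function names are assumptions made for this sketch.

```javascript
// Added example: load a Google service-account key from an environment
// variable instead of a JSON file copied into every deploy directory.
// GOOGLE_KEY_JSON_B64 is a hypothetical variable name (an assumption).
const REQUIRED_FIELDS = ['type', 'project_id', 'private_key', 'client_email']

function loadGoogleKey(env = process.env) {
  const encoded = env.GOOGLE_KEY_JSON_B64
  if (!encoded) {
    throw new Error('GOOGLE_KEY_JSON_B64 is not set')
  }

  let key
  try {
    key = JSON.parse(Buffer.from(encoded, 'base64').toString('utf8'))
  } catch {
    // Never echo the decoded text in an error: it may contain the key.
    throw new Error('GOOGLE_KEY_JSON_B64 is not base64-encoded JSON')
  }
  if (key === null || typeof key !== 'object') {
    throw new Error('GOOGLE_KEY_JSON_B64 does not decode to a JSON object')
  }

  // Fail at startup with a clear message instead of at the first API call.
  const missing = REQUIRED_FIELDS.filter(
    (f) => typeof key[f] !== 'string' || key[f] === ''
  )
  if (missing.length > 0) {
    throw new Error(`Google key is missing fields: ${missing.join(', ')}`)
  }
  if (!key.private_key.includes('-----BEGIN PRIVATE KEY-----')) {
    throw new Error('private_key does not look like a PEM block')
  }
  return key
}

// Log-safe summary: identifies the credential without exposing the secret.
function describeKey(key) {
  return `${key.client_email} (project ${key.project_id})`
}

// Constructed sample for the demo; this is not a real credential.
const sampleKey = {
  type: 'service_account',
  project_id: 'demo-project',
  private_key: '-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n',
  client_email: 'demo@demo-project.iam.gserviceaccount.com',
}
const sampleEnv = {
  GOOGLE_KEY_JSON_B64: Buffer.from(JSON.stringify(sampleKey)).toString('base64'),
}
```

On the server, the .env value would be the output of `base64 -w0 google-key.json`, and the .env file should be readable only by the user that runs the app.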