I really want to keep as much of my code public as possible. I have been looking into Ansible Vault and its ability to encrypt sensitive information. Is it possible/advisable to make a public repo on github this way?
I want to share what I know as I learn, but without comprimising the security of my web apps.
What are you sharing but also need to encrypt? Generally you use environment variables for any keys or passwords you want kept secret.
Current structure: I
git clone bedrock-ansible and bedrock into
I want my wordpress site to be accessible publicly on github. Is there any sensitive information that gets held outside of the bedrock-ansible directory? From what I understand everything links to files in there, eg to the
How I was working before:
No vagrant, just bedrock-site.
cap production deploy or
cap staging deploy.
I’ve now started using bedrock-ansible and find it great that I can simulate my server environment, especially when
homebrew decides to upgrade packages that break the native OSX LAMP stack.
I am just a bit confused as to what to do with it all. Do I still deploy with
cap staging deploy? Meaning that the bedrock-ansible folder is left out of the repo? Or do I use
vagrant push? Ideally I’d love to push the entire thing so that I don’t have to worry about setting up a server each time I create a client project, as I host them myself.
There’s nothing sensitive in a Bedrock repo by default so you can easily make that public and not worry.
bedrock-ansible is a completely different matter. Obviously by default there’s a ton of sensitive data in plain text. Yes you could encrypt some files with Ansible Vault and then make that public as well. However, that’s quite weird in my opinion. Would be better to make a fork public.
To answer your other question, nothing really changes for deploying unless you want it to. You don’t want to “deploy” your bedrock-ansible repo so the structure is good. We happen to use the exact same one for the roots.io project.
bedrock-ansible has Ansible based deploys coming soon so that will simplify things further. No need for another tool/language like Capistrano.
@swalkinshaw thank you for clearing things up for me, I appreciate your time! So I can keep working like I used to, and now I have a more reliable local version of my site. Awesome.