Just curious if there is an easy way to back up my docker-compose.yaml and .env files. I have the following directory structure for my containers:
- docker
  - <name of container>
    - .env
    - docker-compose.yml
I’d like to copy those two files for each container folder but no other subfolders that may also be in the container folder (config, data, etc). I’ve been trying to get my restic backups to do it but I just can’t figure it out.
Is there a better way?
I’d like to have backups in case my entire server dies.
Check them into Git, but be cautious about credentials that might live in the env files that you don’t want to expose if you end up making the repo publicly available.
That is an option I’ve been thinking about but I’ve never used it, I’m not a dev. Maybe I’ll look at it more seriously since it does sound like what would work best, I’d really appreciate the versioning. Thanks!
Definitely worth a shot.
One thing I do to prevent stuff from getting into a public git repo is:
- In the git repo, make a file called `.gitignore` then add the line `.env` to it. Then git will ignore any file named `.env`
- edit compose files from a computer that is separate from the one that gets secrets. I have my desktop setup to push to github. Then I make a change, then simply run `git pull` on my server to download the changes.
- make the .env only viewable by root (you’ll have to use `sudo nano`) by running `sudo chmod 600 .env && sudo chown root:root .env`
Docker compose in git. Env in 1password or whatever password manager you use. Most support uploading a raw file.
I have mine in git! I have:
- docker
  - .env
  - <thing name>
    - dockers-compose.yml

Then using `docker compose --env-file ../.env -v up -d` it uses the above .env file. (`../` means up one folder)

For more details and a bunch of my compose files check out my repo! https://github.com/shadybraden/homelab/tree/main/docker
Keeping backup of .env means exposing sensitive creds?
In my particular case I only have a few .env files and they don’t have any credentials in them. This is mostly for the docker-compose files.
You can specify a folder in your files for configs, and a different one for the compose and env:
- config
  - <container_config>
- docker
  - container
    - compose.yml

Edit: then you can map your volume not to `./config:/config` but instead to `/config/containerName:/config`
Backups are encrypted so it shouldn’t be an issue.
what about a local, encrypted backup
It’s like you have secrets that you pull in to build your .env which should only be used by the stuff that needs it and it’s not shared.
I’m assuming this is a production backup and the idea that someone has a prod .env file gives me the Willies.
I’d want to change all the cards.
I mean… just back them up like any other file. If you want them and nothing else, then do an exclude all and then include after for those files.
But you also need to backup the rest of the data, so I’m not sure why you’d want to exclude all the other folders.
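An added example, not part of any comment in this thread: a shell script for the "only those two files" selection asked about in the question, assuming the `docker/<container>/` layout from the original post and GNU `find`. It writes a path list that can be passed to restic's `--files-from` option and flags `.env` files with permissions looser than the `chmod 600` suggested above; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout, as in the question:
#   <root>/<container>/.env
#   <root>/<container>/docker-compose.yml
#   <root>/<container>/config, data, ...   (must NOT be picked up here)

# Print compose and .env files that sit directly in a container folder.
# -maxdepth 2 keeps find out of config/, data/ and other subfolders.
list_compose_files() {
    find "$1" -mindepth 2 -maxdepth 2 -type f \
        \( -name '.env' -o -name 'docker-compose.yml' \
           -o -name 'docker-compose.yaml' -o -name 'compose.yml' \
           -o -name 'compose.yaml' \) | sort
}

# Print .env files accessible to group or others, i.e. looser than the
# chmod 600 suggested in the thread. "-perm /077" is GNU find syntax.
list_loose_env() {
    find "$1" -mindepth 2 -maxdepth 2 -type f -name '.env' -perm /077 | sort
}

# Build a constructed sample tree so the script runs without a real server.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/app1/config" "$d/app2/data"
    : > "$d/app1/.env";               chmod 600 "$d/app1/.env"
    : > "$d/app1/docker-compose.yml"
    : > "$d/app1/config/.env"         # nested copy: must be skipped
    : > "$d/app2/.env";               chmod 644 "$d/app2/.env"
    : > "$d/app2/docker-compose.yml"
    : > "$d/app2/data/db.sqlite"
    echo "$d"
}

# Pass the real docker folder as $1; without it the demo tree is used.
root=${1:-$(make_demo_tree)}
list=$(mktemp)
list_compose_files "$root" > "$list"
echo "Files to back up:"; cat "$list"
echo ".env files looser than 600:"; list_loose_env "$root"
# Then hand the list to restic (one path per line):
#   restic backup --files-from "$list"
```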
As a Mac user, I like Time Machine for backups. It’s not perfect, but it gets the job done. There is a Linux version.
Nb. I’ve not used this particular software, so YMMV.