docker icon indicating copy to clipboard operation
docker copied to clipboard
verified publisher icon calcom

Add support for Doppler

Open bvallelunga opened this issue 4 years ago • 10 comments

Hey Cal community! Excited to add Doppler support for secure secrets management. Guide to using Doppler with Cal:

  1. Import our project to get setup.

    Import to Doppler

  2. Create a service token.

    create-service-token

  3. Build and start calendso with Doppler

    DOPPLER_TOKEN=dp.st.XXXXXXX docker-compose up --build

bvallelunga avatar Nov 15 '21 06:11 bvallelunga

thank you! we'll test this and get back to you. is doppler strictly required, no right?

PeerRich avatar Nov 15 '21 11:11 PeerRich

That is correct. You can still use env files. This just fixes the Docker builds and adds support for Doppler.

bvallelunga avatar Nov 16 '21 17:11 bvallelunga

Personal opinion, but does Doppler belong embedded in the docker image? Absolutely not attacking Doppler, but in concept this adds proprietary functionality that might not work for folks who don't use Doppler. I'd rather see this added as part of an Examples or Advanced Usage section, if the concerns can be separated.

krumware avatar Nov 16 '21 20:11 krumware

It's a great question I asked myself as well when building. Here was my thinking behind why I landed in the Dockerfile.

  • For Doppler to work due to how docker-compose works we will need the Doppler CLI to be available in the container. Wrapping the docker compose commands with doppler run sadly won't work as compose won't pass those environment variables to the containers.
  • The next question is do we install it at build-time or run-time. I chose build-time because if the CLI ever fails to download during the build there are no serious consequences compared to at runtime.

The way I structured the code is that Doppler is 100% optional to use. The Doppler CLI is very small so installing during the build shouldn't have a large impact on the size of the image. I also structured the README so it's a separate section called "Secrets Management".

bvallelunga avatar Nov 16 '21 21:11 bvallelunga

@bvallelunga is it ok if we table this temporarily while we resolve the current docker build issues? (i know you have some fixes embedded)

krumware avatar Nov 17 '21 18:11 krumware

@krumware sure! Feel free to update the thread when you feel we are ready to resume. I can update the PR to just include the Doppler additions once the Docker issues have been fixed.

bvallelunga avatar Nov 30 '21 20:11 bvallelunga

@krumware how's the Docker support going? Happy to resume working on this PR when you are ready.

bvallelunga avatar Dec 16 '21 08:12 bvallelunga

in touch with @krumware on slack!

PeerRich avatar Dec 16 '21 15:12 PeerRich

@bvallelunga can you join in on the calendso slack and we can chat about it?

krumware avatar Dec 16 '21 15:12 krumware

Just joined the Slack

bvallelunga avatar Dec 17 '21 20:12 bvallelunga