Installation wizard with secret store (from 0.2511.1)
By default, Convier reads config like OIDC client ID and secret from environment variables, but configuration may also be fetched from a secrets store if running in a supported environment (e.g. App Service).
Setup
Azure Key Vault
To fetch config directly from a key vault in Azure when running as an App Service, do the following:
- Create a new key vault
- Enable System assigned identity
- Assign app service role Key Vault Secrets Officer
- In the app service, set environment variable AZURE_KEY_VAULT_NAME (AZURE_KEY_VAULT_URL if not a standard URL)
- After install, consider adjusting app service role to Key Vault Secrets User
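The Azure steps above, scripted with the Azure CLI as an added example (not Convier's own tooling). The resource names are placeholders, the app service is assumed to exist already, and the vault is assumed to use Azure RBAC for authorization.

```shell
#!/bin/sh
# Added example, not Convier's own tooling. RG, APP, VAULT and LOCATION are
# placeholder names (assumptions); the app service is assumed to exist already.
RG="${RG:-example-rg}"
APP="${APP:-example-convier-app}"
VAULT="${VAULT:-example-convier-kv}"
LOCATION="${LOCATION:-westeurope}"

# Create or delete one role assignment for the app's identity, scoped to the
# vault itself rather than the resource group or subscription.
# usage: set_role create|delete <principal-id> <vault-resource-id> <role>
set_role() {
  case "$1" in
    create) az role assignment create --assignee-object-id "$2" \
              --assignee-principal-type ServicePrincipal --role "$4" --scope "$3" ;;
    delete) az role assignment delete --assignee "$2" --role "$4" --scope "$3" ;;
    *) return 2 ;;
  esac
}

# Steps to run before the installation wizard.
before_install() {
  az keyvault create --name "$VAULT" --resource-group "$RG" \
    --location "$LOCATION" --enable-rbac-authorization true >/dev/null || return 1
  principal=$(az webapp identity assign --name "$APP" --resource-group "$RG" \
    --query principalId --output tsv) || return 1
  vault_id=$(az keyvault show --name "$VAULT" --query id --output tsv) || return 1
  # Secrets Officer allows writing secrets; the page assigns it for the install phase.
  set_role create "$principal" "$vault_id" "Key Vault Secrets Officer" >/dev/null || return 1
  az webapp config appsettings set --name "$APP" --resource-group "$RG" \
    --settings "AZURE_KEY_VAULT_NAME=$VAULT" >/dev/null
}

# Step after install: grant read-only first, then drop write access, so the
# app never loses the ability to read its config.
after_install() {
  principal=$(az webapp identity show --name "$APP" --resource-group "$RG" \
    --query principalId --output tsv) || return 1
  vault_id=$(az keyvault show --name "$VAULT" --query id --output tsv) || return 1
  set_role create "$principal" "$vault_id" "Key Vault Secrets User" >/dev/null || return 1
  set_role delete "$principal" "$vault_id" "Key Vault Secrets Officer" >/dev/null
}

case "${1:-}" in
  before-install) before_install ;;
  after-install)  after_install ;;
esac
```

Run it with `before-install` ahead of the wizard and `after-install` once the installation is complete.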
Google Secrets Manager
- Create new project
- Assign Cloud Run or equivalent permissions to read and write secrets on the project
- Set deployment, set environment variable GOOGLE_SECRET_MANAGER_PROJECT_ID=<your project id>
Install
- Set environment variable SERVER_PORT=80
- Set environment variable INSTALLATION_MODE=true or create secret (INSTALLATION-MODE=true).
- Set environment variable INSTALLATION_PASSWORD
- Set environment variable USE_SECRET_STORE=true
- Follow installation wizard, or create relevant secrets. If manual, note that underscores in environment variable names mentioned in the documentation must be replaced by dashes (e.g. JDBC_CONNECTION_STRING -> JDBC-CONNECTION-STRING)
- Set environment variable INSTALLATION_WIZARD=false