Setup
For the Onboardbase CLI to access secrets for your projects, it needs an access token.
Onboardbase considers how you work as a team to make sure you are secure and in sync every time across all stages of development.
The Onboardbase way
- Authentication
- Project
- Usage
- Upload .env into Onboardbase
- Remove .env file
Authentication
For our CLI to access secrets for your projects, it needs an access token. We do this by authentication with the command below, which will open a browser window and ask you to authenticate.
onboardbase login
Enter Y to open the URL in a new browser. If you use the N option, a webpage URL will be logged in your terminal, copy the link, and open it in a browser to complete the login and authentication process.
This only needs to happen once per organization. You can scope each login to a separate directory if you have multiple organizations.
Project
Congrats on installing and authenticating 🎉.
Let's configure it for use with a project in your development environment.
In Onboardbase, access to a project's secrets is scoped to a specific directory in your file system. This lets you fetch secrets for multiple projects and organizations on a single machine.
Three ways to do this
- Setup command
- Onboardbase file
- Start script
For each project, do this at the repository root level.
# Change to your project's directory
cd ./your/project/directory
# Run the below command to select the organization, project, and environment
onboardbase setup
# After the process, an onboardbase.yml file would be generated that looks like below:
setup:
project: projectname
environment: environmentname
# Then run a build with:
onboardbase run --command="your project start command"
# The build command creates a virtualized environment with the host variables and secrets from onboardbase.
# Create a .onboardbase file and copy this basic config
setup:
project: projectname
environment: environmentname
# Then run a build with:
onboardbase run --command="your project start command"
# Onboardbase can inject your secrets into a registered command on your machine.
# For example, in a REACT or Vue project, the Onboardbase CLI can inject your secrets into your start command, and process.env.ENV_NAME would be populated in your project.
onboardbase run --command="your project start command" -p [PROJECT_NAME] -e [ENVIRONMENT_NAME=development]
The Onboardbase setup adds your
.onboardbase.yml
file to your project's .gitignore file
Because Onboardbase injects secrets as environment variables, it works for any language, framework, platform, and cloud provider.
const secret = process.env["SECRET_NAME"]
$secret = get_env("SECRET_NAME")
// laravel
$secret = env("SECRET_NAME")
secret = os.getenv("SECRET_NAME")
secret = System.getenv("SECRET_NAME")
secret := os.Getenv("SECRET_NAME")
--start-script flag
Running onboardbase setup
with the --start-script
will add the value of the --start-script
command into the Onboardbase config file, this allows you to run onboardbase run
subsequently without having to provide a start command:
onboardbase setup --start-script "yarn start"
Then you can execute onboardbase run
and Onboardbase will start your application with the start script that has be set.
If you don't provide the --start-script flag, onboardbase setup
will optionally ask for a start script while executing onboardbase setup
.
Upload .env into Onboardbase
Onboardbase provides you a way to upload your secrets directly from your env file into your project on Onboardbase.
Your env values is expected be in this format
KEY=MY_KEY
Remove .env file
Now that Onboardbase is injecting secrets as environment variables, it's best to remove all application code relying on .env
files and .env
files that may still exist locally.
This instantly improves security by removing the storage of unencrypted secrets from your file system and avoiding potential confusion around the source of truth for the loading of environment variables.
Now you are ready to get a little more advanced for your workflow 🔥
Updated 4 months ago