git-secret: Encrypting and Storing Secrets in a Git Repository (Part 3, final section)

The steps above need to be run once after the container has started.
The scenario assumes the following preconditions:

  • The Git repository has been checked out: `git checkout part-6-git-secret-encrypt-repository-docker`
  • No Docker containers are running: `make docker-down`
  • The existing git-secret folder, the keys in `.dev/gpg-keys`, the `secret.gpg` key and the `passwords.*` files have been removed: `rm -rf .gitsecret/ .dev/gpg-keys/* secret.gpg passwords.*`
Initial setup of the gpg key

Unfortunately, I did not find a way to create and export the gpg keys via `make docker`. You need to run these commands interactively, or pass them a string containing newlines, and both of those things are horribly complicated in `make docker`. Therefore you need to log into the application container and run the commands there directly. This is not very convenient, but it only needs to be done once, when a new developer is onboarded.
The secret key is exported to `secret.gpg` and the public key to `.dev/gpg-keys/alice-public.gpg`:
```bash
# start the docker setup
make docker-up
# log into the container ('winpty' is only required on Windows)
winpty docker exec -ti dofroscra_local-application-1 bash
# export key pair
name="Alice Doe"
email="alice@example.com"
gpg --batch --gen-key <<EOF
Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
Name-Real: $name
Name-Email: $email
Expire-Date: 0
%no-protection
EOF
gpg --output secret.gpg --armor --export-secret-key $email
gpg --armor --export $email > .dev/gpg-keys/alice-public.gpg
```

```text
$ make docker-up
ENV=local TAG=latest DOCKER_REGISTRY=docker.io DOCKER_NAMESPACE=dofroscra APP_USER_NAME=application APP_GROUP_NAME=application docker compose -p dofroscra_local --env-file ./.docker/.env -f ./.docker/docker-compose/docker-compose.yml -f ./.docker/docker-compose/docker-compose.local.yml up -d
Container dofroscra_local-application-1  Created
...
Container dofroscra_local-application-1  Started

$ docker ps
CONTAINER ID   IMAGE                                COMMAND               CREATED          STATUS          PORTS                  NAMES
...
95f740607586   dofroscra/application-local:latest   "/usr/sbin/sshd -D"   21 minutes ago   Up 21 minutes   0.0.0.0:2222->22/tcp   dofroscra_local-application-1

$ winpty docker exec -ti dofroscra_local-application-1 bash
root:/var/www/app# name="Alice Doe"
root:/var/www/app# email="alice@example.com"
root:/var/www/app# gpg --batch --gen-key <<EOF
> Key-Type: 1
> Key-Length: 2048
> Subkey-Type: 1
> Subkey-Length: 2048
> Name-Real: $name
> Name-Email: $email
> Expire-Date: 0
> %no-protection
> EOF
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key BBBE654440E720C1 marked as ultimately trusted
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/225C736E0E70AC222C072B70BBBE654440E720C1.rev'
root:/var/www/app# gpg --output secret.gpg --armor --export-secret-key $email
root:/var/www/app# head secret.gpg
-----BEGIN PGP PRIVATE KEY BLOCK-----

lQOYBGJD+bwBCADBGKySV5PINc5MmQB3PNvCG7Oa1VMBO8XJdivIOSw7ykv55PRP
3g3R+ERd1Ss5gd5KAxLc1tt6PHGSPTypUJjCng2plwD8Jy5A/cC6o2x8yubOslLa
x1EC9fpcxUYUNXZavtEr+ylOaTaRz6qwSabsAgkg2NZ0ey/QKmFOZvhL8NlK9lTI
GgZPTiqPCsr7hiNg0WRbT5h8nTmfpl/DdTgwfPsDn5Hn0TEMa79WsrPnnq16jsq0
Uusuw3tOmdSdYnT8j7m1cpgcSj0hRF1eh4GVE0o62GqeLTWW9mfpcuv7n6mWaCB8
DCH6H238gwUriq/aboegcuBktlvSY21q/MIXABEBAAEAB/wK/M2buX+vavRgDRgR
hjUrsJTXO3VGLYcIetYXRhLmHLxBriKtcBa8OxLKKL5AFEuNourOBdcmTPiEwuxH
5s39IQOTrK6B1UmUqXvFLasXghorv8o8KGRL4ABM4Bgn6o+KBAVLVIwvVIhQ4rlf
root:/var/www/app# gpg --armor --export $email > .dev/gpg-keys/alice-public.gpg
root:/var/www/app# head .dev/gpg-keys/alice-public.gpg
-----BEGIN PGP PUBLIC KEY BLOCK-----
```
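As an added example (not code from the original article or the dofroscra project), the script below wraps the non-interactive key generation and export shown above in two functions and adds the checks worth running before the public key file is committed: the public file must contain no private key material, the secret file must actually be the private key block, and the public file must import into an empty keyring with the same fingerprint as the key in the working keyring. It assumes GnuPG 2.1 or newer; the function names and the scratch-keyring comparison are my additions.

```bash
#!/usr/bin/env bash
# Added example, not the article's own code. Assumes GnuPG 2.1+.
set -euo pipefail

# Generate a passphrase-less key pair from a batch definition, as the
# article does, and export the secret key ($3) and public key ($4).
export_key_pair() {
  local name="$1" email="$2" secret_file="$3" public_file="$4"
  mkdir -p "$(dirname "$public_file")"
  gpg --batch --quiet --gen-key <<EOF
Key-Type: 1
Key-Length: 2048
Subkey-Type: 1
Subkey-Length: 2048
Name-Real: $name
Name-Email: $email
Expire-Date: 0
%no-protection
EOF
  # %no-protection means no passphrase: file permissions are the only guard.
  gpg --batch --output "$secret_file" --armor --export-secret-key "$email"
  chmod 600 "$secret_file"
  gpg --batch --armor --export "$email" > "$public_file"
}

# Print the primary-key fingerprint for user id $2 from the keyring in $1.
fingerprint_in() {
  GNUPGHOME="$1" gpg --batch --with-colons --fingerprint "$2" 2>/dev/null |
    awk -F: '$1 == "fpr" && !seen { print $10; seen = 1 }'
}

# Checks to run before `git add`-ing the public key:
#  1. the public file is a public key block and carries no private material,
#  2. the secret file really is a private key block,
#  3. the public file imports into an empty keyring and yields the same
#     fingerprint as the key in the working keyring.
verify_key_pair() {
  local email="$1" secret_file="$2" public_file="$3" scratch expected imported
  grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$public_file" || return 1
  ! grep -q 'PRIVATE KEY' "$public_file" || return 1
  grep -q 'BEGIN PGP PRIVATE KEY BLOCK' "$secret_file" || return 1
  expected=$(fingerprint_in "${GNUPGHOME:-$HOME/.gnupg}" "$email")
  scratch=$(mktemp -d)
  GNUPGHOME="$scratch" gpg --batch --quiet --import "$public_file" 2>/dev/null
  imported=$(fingerprint_in "$scratch" "$email")
  GNUPGHOME="$scratch" gpgconf --kill gpg-agent 2>/dev/null || true
  rm -rf "$scratch"
  [ -n "$expected" ] && [ "$expected" = "$imported" ]
}
```

Run it inside the application container with `GNUPGHOME` left at its default to reproduce the article's files, or point `GNUPGHOME` at a temporary directory to try it without touching your real keyring.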
