Gabriel Radureau
e4a7f99333
provisionSandbox.ts now loads its own .env.sandbox (via @std/dotenv loadSync) instead of the shared .env, so prod (main.ts → .env) and sandbox (provisionSandbox.ts → .env.sandbox) configs don't collide. .gitignore widened to .env* (keeping .env.example tracked). .env.example rewritten to document the two-file convention + the per-env kubectl secret sources, including the caveat that a prod-seeded sandbox uses PROD's admin password. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
28 lines
1.2 KiB
Plaintext
28 lines
1.2 KiB
Plaintext
# Copy this template to one of:
|
|
# .env — production target, loaded by main.ts
|
|
# .env.sandbox — sandbox target, loaded by provisionSandbox.ts
|
|
# Both are gitignored. Never commit real secret values.
|
|
|
|
# --- Target ---
|
|
# prod: https://erp.arcodange.lab (.env)
|
|
# sandbox: https://erp-sandbox.arcodange.lab (.env.sandbox)
|
|
DOLIBARR_ADDRESS=https://erp.arcodange.lab
|
|
|
|
DOLI_ADMIN_LOGIN=admin
|
|
DOLI_ADMIN_PASSWORD=""
|
|
DOLI_DB_PASSWORD=""
|
|
ROOT_FOLDER=$HOME/erp
|
|
|
|
# Populate the passwords from the cluster secrets, e.g. (prod shown):
|
|
# DOLI_ADMIN_PASSWORD <- kubectl get secret secretkv -n erp -o jsonpath='{.data.DOLI_ADMIN_PASSWORD}' | base64 -d
|
|
# DOLI_DB_PASSWORD <- kubectl get secret vso-db-credentials -n erp -o jsonpath='{.data.password}' | base64 -d
|
|
#
|
|
# NOTE for a sandbox SEEDED from prod (ops/sandbox/sandbox-lifecycle.sh): the seed
|
|
# clones prod's admin password into the sandbox, so .env.sandbox's
|
|
# DOLI_ADMIN_PASSWORD must be PROD's admin password (-n erp), not the sandbox
|
|
# secretkv. The DB password is the sandbox's own (-n erp-sandbox).
|
|
|
|
# Optional: fix the provisioned user's password (else one is generated and only
|
|
# the API key is emitted to .ai_agent_sandbox.key).
|
|
# AI_AGENT_SANDBOX_PASSWORD=""
|