May I ask how you’re managing secrets with this setup? For example, the secret key or database URL.
Our current setup deploys an env file which is sourced before starting the process. I’m less sure how this translates to a production Docker deployment.
Docker shouldn't affect your secrets management because secrets shouldn't be baked into your image anyways. I tend to expose them as environment vars and currently use Kubernetes to expose a keyvault url/password so the app can automatically grab all the secrets.
We manage them with env vars now. But we use salt (encrypted) to deploy a secrets file onto the server which is sourced before the app is started. With something like ECS I didn’t know if you could feed it an env file, and if you could, how you could make it available.
I've only been using Docker/ECS on side projects, but I generate the production build Docker image with the production .env included, push it to a private repo on Amazon ECR, then pull it in to ECS from there.
My understanding is the best practice for Docker/ECS production deployment is to create Docker images containing the full app build, rather than managing the app deployment separately from image deployment. As opposed to development Docker images that rely on docker-compose to mount the host filesystem in the Docker container, the production image Dockerfile includes COPY instructions for the production build files, to be included in the image.
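One way to carry the "env file sourced before starting the process" pattern into a container while keeping the file out of the image, as an added example that is not code from anyone in this thread: an entrypoint that parses a KEY=VALUE file mounted at runtime. The `ENV_FILE` variable and the `/run/secrets/app.env` default path are assumptions.

```shell
#!/bin/sh
# Added example: container entrypoint that loads KEY=VALUE secrets at start.
# ENV_FILE and its default path are assumptions, not names from the thread.

# Export each KEY=VALUE line of file $1. Lines are parsed, never sourced,
# so the file cannot run commands. Returns non-zero on a missing file or a
# malformed line; error messages name the file only, never a value.
load_env_file() {
    [ -f "$1" ] && [ -r "$1" ] || { echo "env file not readable: $1" >&2; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                    # blank line or comment
            *=*) ;;                                 # looks like KEY=VALUE
            *) echo "malformed line in $1" >&2; return 1 ;;
        esac
        key=${line%%=*}      # text before the first '='
        value=${line#*=}     # text after the first '=' (may contain '=')
        # Only accept names that are valid shell identifiers.
        case $key in
            ''|[0-9]*|*[!A-Za-z0-9_]*) echo "bad variable name in $1" >&2; return 1 ;;
        esac
        # Strip one pair of matching surrounding quotes, if present.
        case $value in
            \"*\") value=${value#\"}; value=${value%\"} ;;
            \'*\') value=${value#\'}; value=${value%\'} ;;
        esac
        export "$key=$value"
    done < "$1"
}

# As an entrypoint: load the file mounted at runtime, then exec the command
# so the app replaces this shell and receives signals directly.
if [ "$#" -gt 0 ]; then
    load_env_file "${ENV_FILE:-/run/secrets/app.env}" || exit 1
    exec "$@"
fi
```

The image then contains only this script and the app build; the env file is supplied by whatever mounts or injects it when the container starts.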