This sounds really exciting. I love your live demo, really slick introduction and tutorial - and answered some questions I had about E2E! I've got a couple of other questions though.
> 12 full stack preview environments per commit with up to 16GB of memory and 6 CPUs
Quote from your pricing. If we had a monorepo with over 12 small test/integration jobs, but not 12 full preview environments, is this usable? Are they one and the same, or can we have e.g. a suite of unit tests that don't count toward this full preview limit? Do some teams keep some unit tests off Layer and just use you for the more interesting pieces?
Second, do you have any documentation about which databases you support? Concretely can you restore a MongoDB snapshot super-fast?
Third, do you have any story around secrets if we want the staging server to hold some secret API keys? Currently we can do this with AWS (own account) CI machines in GitLab deploying to ECS with AWS secrets - they stay end-to-end encrypted and nobody sees them. Is there any similar way we can get secrets onto a staging server without you having access to them? I suspect this would be a deal breaker for the staging use case for my team.
Similar to above, our database snapshots are stored in non-public S3 buckets, how would that work? Again currently it's a case of giving the CI AWS role permission to access them, not sure what an equivalent would look like.
One more, is it possible to access the built Docker images? We deploy Docker images to ECS, and currently they're the exact same ones built and tested in CI which is a nice reassurance. Do your customers have an out-of-band process for building + deploying to production outside of Layer?
Aside, I think this may be a typo on your pricing page? "We'll never increase your the terms of your bill once you start your subscription."
I am curious about the third point, the E2E encryption of the secrets. Is the problem that the hosting provider would see plaintext secrets, or that someone with access to the AWS account could see them? You could also, theoretically, input the encrypted secrets into any service and then decrypt them in your application.
Just curious what kind of considerations you have when choosing a hosting provider.
It's basically the same concern as having them in source code, we want to be able to control/restrict access to them. In AWS we can do that because they're encrypted with a KMS key and unless a user/role has permission to decrypt with that key it can't decrypt the secret. This does assume that AWS aren't lying about encrypting things, and that their employees can't access our KMS keys.
We currently use GitLab for our CI/CD pipelines, but using our own runners in our own AWS account. So if we want to deploy a staging environment from there, it's actually deploying from an AWS role that we control, we're not leaking any secrets to GitLab or anywhere else.
I'm just wondering how people get around this in Layer/any hosted CI/CD setup where you can't have your own runners inside your AWS account. Especially because they don't replace the production deploy, so ultimately those secrets are staying in AWS - perhaps in addition to wherever they need to go with Layer.
We have a secrets dashboard, they are stored encrypted in our database (though many users have something like HashiCorp Vault with a central repository, with only the access key stored in our database). The secrets are only viewable by admins of your organization.
Most of our users build their Docker images within LayerCI, then push to ECS by adding a write-only access key as a secret. Deployment is often done with something like Terraform or ArgoCD.