Now you're set up and have an understanding of where you'll be working, let's take a look at configuring your Catwalk.
Most of our configuration for the Catwalks takes place in backend. There's a
config/ inside each of your Project folders. These are used to set configurations on a per-project-basis. This
project.yml is the base configuration, which can be overwritten on a per-environment basis. For example, you could overwrite the access credentials for your different connected APIs on
development and on
In order to do so, add a
project.yml.staging to the directory
config/ with the needed overwrites.
Securing Production Configs
As the production access tokens and configuration of the connected APIs shouldn't be publicly available to everybody on the Project, it's recommended to encrypt these configurations if necessary.
The API tokens will of course not be publicly accessible in general, but as they normally lie inside our
project.yml in the
config/ folder and therefore inside the repository, they would be available to everyone who has access to that private repository!
Adding Encrypted Project Configurations
We have introduced a way to add another ansible-vault for encrypted project configurations. This vault should be just an encrypted version of the
project.yml with the necessary overwrites and should be named accordingly: *
project.yml.crypt for Production
project.yml.staging.crypt for Staging
These files will then get decrypted on our servers to make them available there.
The files are sourced in the following hierarchy and values from top are overwritten the way down:
Creating the Ansible-Vault
In order to create a vault you could follow the documentation of ansible here: https://docs.ansible.com/ansible/latest/user_guide/vault.html#creating-encrypted-files
Basically, you'll need to run the following command on your shell inside the Project's config directory:
# cd to project's config directory, where $PROJECT is something like "demo_de" cd $PROJECT/config # create the ansible vault there with an vault-id that equals your customer's name, e.g. "demo" # Keep in mind that it should be a unique password that needs to be known by Frontastic as well, so please don't # reuse a password here! ansible-vault create --vault-id $CUSTOMER@prompt project.yml.crypt
The password you choose here needs to be known by Frontastic, so that it could be configured on our Servers properly. Don't reuse another password here!
Choose any new password you like and get in touch with one of the Frontastic team, so that they could configure the servers properly to use the password you've used so that it gets decrypted on the production and staging machines.
Please don't forget to check in the generated encrypted vault file into the Git.
Editing the Ansible-Vault
You could edit the vault by running the following command:
ansible-vault edit --vault-id $CUSTOMER@prompt project.yml.crypt
For further details, see the Ansible documentation: https://docs.ansible.com/ansible/latest/user_guide/vault.html#editing-encrypted-files
Now you're ready to start using Frontastic!
‹ Back to Article List