This repo is a collection of operation scripts I stub out and use for my various websites, bots and infrastructure.
Be sure to read how I secure deployments to my home using the scripts in this repository.
Every push redeploys the scripts and reinstalls the crontab on my Raspberry Pi, which oversees the secure operations of my DigitalOcean infrastructure. See the GitHub Actions workflow.
It all starts from this crontab entry:
32 * * * * /home/ubuntu/my-ca/update_github_secrets.sh
After loading the required environment variables, it calls vault_update_secrets.py, which first fetches the last-modified dates of all my Vault application secrets. It then fetches the same data from GitHub and compares the two to find secrets that are out of sync (meaning updated in Vault, where I now manage my secrets).
Updated (or created) secrets are highlighted in a Slackbot message, with a helpful pointer to the repos that use those secrets (and may need to be redeployed) via https://api.github.com/search/code?q=org%3Aackersonde+{secret_name}&type=Code.
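The comparison and the search pointer described above, as an added sketch that is not the code in vault_update_secrets.py. It assumes Vault KV v2 metadata timestamps (`updated_time`, nanosecond precision) and GitHub secret timestamps (`updated_at`); the secret names and dates are constructed, and the function names are hypothetical.

```python
from datetime import datetime, timezone
from urllib.parse import quote

# Constructed sample data: secret name -> last-modified timestamp.
# Vault KV v2 metadata reports "updated_time" with up to nanosecond precision;
# GitHub's secrets list reports "updated_at" (GitHub never returns the values).
VAULT_SECRETS = {
    "SLACK_BOT_TOKEN": "2023-03-02T08:15:30.123456789Z",
    "DO_API_KEY": "2023-01-10T12:00:00.5Z",
    "NEW_DB_PASSWORD": "2023-03-05T09:00:00Z",
}
GITHUB_SECRETS = {
    "SLACK_BOT_TOKEN": "2023-02-01T10:00:00Z",
    "DO_API_KEY": "2023-01-10T12:05:00Z",
}


def parse_ts(value: str) -> datetime:
    """Parse a UTC RFC 3339 timestamp, truncating nanoseconds to microseconds."""
    head, _, frac = value.rstrip("Z").partition(".")
    frac = (frac + "000000")[:6]  # pad or cut the fraction to exactly 6 digits
    parsed = datetime.strptime(f"{head}.{frac}", "%Y-%m-%dT%H:%M:%S.%f")
    return parsed.replace(tzinfo=timezone.utc)


def out_of_sync(vault: dict, github: dict) -> dict:
    """Secrets missing from GitHub ('created') or newer in Vault ('updated')."""
    result = {"created": [], "updated": []}
    for name, vault_ts in sorted(vault.items()):
        if name not in github:
            result["created"].append(name)
        elif parse_ts(vault_ts) > parse_ts(github[name]):
            result["updated"].append(name)
    return result


def search_url(secret_name: str, org: str = "ackersonde") -> str:
    """Build the code-search URL quoted above for one secret name."""
    return (
        "https://api.github.com/search/code"
        f"?q=org%3A{quote(org)}+{quote(secret_name)}&type=Code"
    )


if __name__ == "__main__":
    for kind, names in out_of_sync(VAULT_SECRETS, GITHUB_SECRETS).items():
        for name in names:
            print(f"{kind}: {name} -> {search_url(name)}")
```

Only names and timestamps are compared, so nothing in this step needs to read or log a secret value.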
Check out the blog post here: XYZ