ENG-3274 feat(portal): Change the Portal app to access Secrets Manager #801

wants to merge 4 commits into
base: main
from
54 changes: 14 additions & 40 deletions .github/workflows/deploy_dev.yml
Expand Up @@ -3,16 +3,18 @@ name: Deploy Portal to Dev
on:
push:
branches:
- main
- ENG-3274-secrets-to-dockerfile

jobs:
deploy-dev:
name: Deploy to Dev
runs-on: ubuntu-latest
env:
ENV: development
CLUSTER_NAME: systems-intuition-dev-cluster
SERVICE_NAME: portal-intuition-dev
ECR_IMAGE: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/portal-dev:latest
SECRETS_MANAGER: arn:aws:secretsmanager:us-west-2:064662847354:secret:portal.dev-9XdIU9

steps:
- name: Check if important variables are set
Expand All @@ -34,10 +36,11 @@ jobs:
- name: Print variables
shell: bash
run: |
echo "ENV=$ENV"
echo "CLUSTER_NAME=$CLUSTER_NAME"
echo "SERVICE_NAME=$SERVICE_NAME"
echo "ECR_IMAGE=$ECR_IMAGE"
echo "ENV=${{ env.ENV }}"
echo "CLUSTER_NAME=${{ env.CLUSTER_NAME }}"
echo "SERVICE_NAME=${{ env.SERVICE_NAME }}"
echo "ECR_IMAGE=${{ env.ECR_IMAGE }}"
echo "SECRETS_MANAGER=${{ env.SECRETS_MANAGER }}"

- name: Checkout code
uses: actions/checkout@v4
Expand Down Expand Up @@ -72,43 +75,14 @@ jobs:

- name: Build, tag, and push image to AWS ECR
run: |
echo "${{ secrets.PRIVY_VERIFICATION_KEY_DEV }}" > privy_verification_key.pem
docker build \
--platform linux/x86_64 \
-t portal \
-f apps/portal/Dockerfile \
. \
--build-arg ALCHEMY_MAINNET_API_KEY=${{ secrets.ALCHEMY_MAINNET_API_KEY }} \
--build-arg ALCHEMY_API_KEY=${{ secrets.ALCHEMY_API_KEY }} \
--build-arg ALCHEMY_MAINNET_RPC_URL=${{ secrets.ALCHEMY_MAINNET_RPC_URL }} \
--build-arg ALCHEMY_BASE_SEPOLIA_RPC_URL=${{ secrets.ALCHEMY_BASE_SEPOLIA_RPC_URL }} \
--build-arg ALCHEMY_BASE_RPC_URL=${{ secrets.ALCHEMY_BASE_RPC_URL }} \
--build-arg WALLETCONNECT_PROJECT_ID=${{ secrets.WALLETCONNECT_PROJECT_ID }} \
--build-arg SESSION_SECRET=${{ secrets.SESSION_SECRET }} \
--build-arg API_URL=${{ secrets.API_URL }} \
--build-arg API_KEY=${{ secrets.API_KEY }} \
--build-arg PRIVY_APP_ID=${{ secrets.PRIVY_APP_ID }} \
--build-arg PRIVY_APP_SECRET=${{ secrets.PRIVY_APP_SECRET }} \
--build-arg PRIVY_VERIFICATION_KEY="$(cat privy_verification_key.pem)" \
--build-arg CLOUDINARY_CLOUD_NAME=${{ secrets.CLOUDINARY_CLOUD_NAME }} \
--build-arg CLOUDINARY_API_KEY=${{ secrets.CLOUDINARY_API_KEY }} \
--build-arg CLOUDINARY_API_SECRET=${{ secrets.CLOUDINARY_API_SECRET }} \
--build-arg SENTRY_DSN=${{ secrets.SENTRY_DSN }} \
--build-arg SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} \
--build-arg SENTRY_ORG=${{ secrets.SENTRY_ORG }} \
--build-arg SENTRY_PROJECT=${{ secrets.SENTRY_PROJECT }} \
--build-arg VITE_DEPLOY_ENV=development \
--build-arg ORIGIN_URL=${{ secrets.ORIGIN_URL_DEVELOPMENT }} \
--build-arg PHOSPHOR_API_KEY=${{ secrets.PHOSPHOR_API_KEY }} \
--build-arg PHOSPHOR_ADMIN_API_URL=${{ secrets.PHOSPHOR_ADMIN_API_URL }} \
--build-arg PHOSPHOR_COLLECTION_ID=${{ secrets.PHOSPHOR_COLLECTION_ID }} \
--build-arg GTM_TRACKING_ID=${{ secrets.GTM_TRACKING_ID }} \
--build-arg FF_FULL_LOCKDOWN_ENABLED=false \
--build-arg FF_GENERIC_BANNER_ENABLED=true \
--build-arg FF_INCIDENT_BANNER_ENABLED=false
docker build --platform linux/x86_64 -t portal -f apps/portal/Dockerfile . \
--build-arg VITE_DEPLOY_ENV=${{ env.ENV }} \
--build-arg SECRETS_MANAGER=${{ env.SECRETS_MANAGER }} \
--build-arg AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \
--build-arg AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \
--build-arg AWS_REGION=${{ secrets.AWS_REGION }}
docker tag portal ${{ env.ECR_IMAGE }}
docker push ${{ env.ECR_IMAGE }}
rm privy_verification_key.pem

- name: Download task definition
shell: bash
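Review bot: The new `--build-arg AWS_ACCESS_KEY_ID=…` and `--build-arg AWS_SECRET_ACCESS_KEY=…` lines in the build step pass long-lived IAM keys through `docker build`, and Docker documents that build-arg values are visible to anyone who can run `docker history` on the resulting image, so every principal with pull access to `portal-dev` in ECR can recover the keys; deploy_production.yml and deploy_staging.yml add the same lines. Since the image is deployed to ECS (the task-definition step that follows this hunk), the entrypoint's `aws secretsmanager get-secret-value` can authenticate with the task's IAM role, and the two credential build args (plus `AWS_REGION`, which can be set in the task definition) can be dropped here and in the Dockerfile. Two smaller points in the first hunk: `- ENG-3274-secrets-to-dockerfile` under `on.push.branches` looks like a development-time trigger to remove before merge, and `SECRETS_MANAGER` hard-codes the region and account id while `ECR_IMAGE` on the line above takes them from `secrets.AWS_REGION` / `secrets.AWS_ACCOUNT`, so the two lines should agree on whether those values are treated as secret. The `Print variables` step's change from `$ENV` to `${{ env.ENV }}` is a step backwards in style, since the shell form was already correct and keeps workflow expressions out of `run` scripts; that applies to all three workflows.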
52 changes: 13 additions & 39 deletions .github/workflows/deploy_production.yml
Expand Up @@ -11,9 +11,11 @@ jobs:
name: Deploy to Production
runs-on: ubuntu-latest
env:
ENV: production
CLUSTER_NAME: systems-intuition-production-cluster
SERVICE_NAME: portal-intuition-production
ECR_IMAGE: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/portal-production:latest
SECRETS_MANAGER: arn:aws:secretsmanager:us-west-2:064662847354:secret:portal.production-j8YmqZ

steps:
- name: Check if important variables are set
Expand All @@ -35,10 +37,11 @@ jobs:
- name: Print variables
shell: bash
run: |
echo "ENV=$ENV"
echo "CLUSTER_NAME=$CLUSTER_NAME"
echo "SERVICE_NAME=$SERVICE_NAME"
echo "ECR_IMAGE=$ECR_IMAGE"
echo "ENV=${{ env.ENV }}"
echo "CLUSTER_NAME=${{ env.CLUSTER_NAME }}"
echo "SERVICE_NAME=${{ env.SERVICE_NAME }}"
echo "ECR_IMAGE=${{ env.ECR_IMAGE }}"
echo "SECRETS_MANAGER=${{ env.SECRETS_MANAGER }}"

- name: Checkout code
uses: actions/checkout@v4
Expand Down Expand Up @@ -73,43 +76,14 @@ jobs:

- name: Build, tag, and push image to AWS ECR
run: |
echo "${{ secrets.PRIVY_VERIFICATION_KEY_PROD }}" > privy_verification_key.pem
docker build \
--platform linux/x86_64 \
-t portal \
-f apps/portal/Dockerfile \
. \
--build-arg ALCHEMY_MAINNET_API_KEY=${{ secrets.ALCHEMY_MAINNET_API_KEY }} \
--build-arg ALCHEMY_API_KEY=${{ secrets.ALCHEMY_API_KEY }} \
--build-arg ALCHEMY_MAINNET_RPC_URL=${{ secrets.ALCHEMY_MAINNET_RPC_URL }} \
--build-arg ALCHEMY_BASE_SEPOLIA_RPC_URL=${{ secrets.ALCHEMY_BASE_SEPOLIA_RPC_URL }} \
--build-arg ALCHEMY_BASE_RPC_URL=${{ secrets.ALCHEMY_BASE_RPC_URL }} \
--build-arg WALLETCONNECT_PROJECT_ID=${{ secrets.WALLETCONNECT_PROJECT_ID }} \
--build-arg SESSION_SECRET=${{ secrets.SESSION_SECRET }} \
--build-arg API_URL=${{ secrets.API_URL_PRODUCTION }} \
--build-arg API_KEY=${{ secrets.API_KEY }} \
--build-arg PRIVY_APP_ID=${{ secrets.PRIVY_APP_ID_PRODUCTION }} \
--build-arg PRIVY_APP_SECRET=${{ secrets.PRIVY_APP_SECRET_PRODUCTION }} \
--build-arg PRIVY_VERIFICATION_KEY="$(cat privy_verification_key.pem)" \
--build-arg CLOUDINARY_CLOUD_NAME=${{ secrets.CLOUDINARY_CLOUD_NAME }} \
--build-arg CLOUDINARY_API_KEY=${{ secrets.CLOUDINARY_API_KEY }} \
--build-arg CLOUDINARY_API_SECRET=${{ secrets.CLOUDINARY_API_SECRET }} \
--build-arg SENTRY_DSN=${{ secrets.SENTRY_DSN }} \
--build-arg SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} \
--build-arg SENTRY_ORG=${{ secrets.SENTRY_ORG }} \
--build-arg SENTRY_PROJECT=${{ secrets.SENTRY_PROJECT }} \
--build-arg VITE_DEPLOY_ENV=production \
--build-arg ORIGIN_URL=${{ secrets.ORIGIN_URL_PRODUCTION }} \
--build-arg PHOSPHOR_API_KEY=${{ secrets.PHOSPHOR_API_KEY }} \
--build-arg PHOSPHOR_ADMIN_API_URL=${{ secrets.PHOSPHOR_ADMIN_API_URL }} \
--build-arg PHOSPHOR_COLLECTION_ID=${{ secrets.PHOSPHOR_COLLECTION_ID }} \
--build-arg GTM_TRACKING_ID=${{ secrets.GTM_TRACKING_ID }} \
--build-arg FF_FULL_LOCKDOWN_ENABLED=false \
--build-arg FF_GENERIC_BANNER_ENABLED=false \
--build-arg FF_INCIDENT_BANNER_ENABLED=false
docker build --platform linux/x86_64 -t portal -f apps/portal/Dockerfile . \
--build-arg VITE_DEPLOY_ENV=${{ env.ENV }} \
--build-arg SECRETS_MANAGER=${{ env.SECRETS_MANAGER }} \
--build-arg AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \
--build-arg AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \
--build-arg AWS_REGION=${{ secrets.AWS_REGION }}
docker tag portal ${{ env.ECR_IMAGE }}
docker push ${{ env.ECR_IMAGE }}
rm privy_verification_key.pem

- name: Download task definition
shell: bash
52 changes: 13 additions & 39 deletions .github/workflows/deploy_staging.yml
Expand Up @@ -11,9 +11,11 @@ jobs:
name: Deploy to Staging
runs-on: ubuntu-latest
env:
ENV: staging
CLUSTER_NAME: systems-intuition-staging-cluster
SERVICE_NAME: portal-intuition-staging
ECR_IMAGE: ${{ secrets.AWS_ACCOUNT }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/portal-staging:latest
SECRETS_MANAGER: arn:aws:secretsmanager:us-west-2:064662847354:secret:portal.staging-dw3JHq

steps:
- name: Check if important variables are set
Expand All @@ -35,10 +37,11 @@ jobs:
- name: Print variables
shell: bash
run: |
echo "ENV=$ENV"
echo "CLUSTER_NAME=$CLUSTER_NAME"
echo "SERVICE_NAME=$SERVICE_NAME"
echo "ECR_IMAGE=$ECR_IMAGE"
echo "ENV=${{ env.ENV }}"
echo "CLUSTER_NAME=${{ env.CLUSTER_NAME }}"
echo "SERVICE_NAME=${{ env.SERVICE_NAME }}"
echo "ECR_IMAGE=${{ env.ECR_IMAGE }}"
echo "SECRETS_MANAGER=${{ env.SECRETS_MANAGER }}"

- name: Checkout code
uses: actions/checkout@v4
Expand Down Expand Up @@ -73,43 +76,14 @@ jobs:

- name: Build, tag, and push image to AWS ECR
run: |
echo "${{ secrets.PRIVY_VERIFICATION_KEY_PROD }}" > privy_verification_key.pem
docker build \
--platform linux/x86_64 \
-t portal \
-f apps/portal/Dockerfile \
. \
--build-arg ALCHEMY_MAINNET_API_KEY=${{ secrets.ALCHEMY_MAINNET_API_KEY }} \
--build-arg ALCHEMY_API_KEY=${{ secrets.ALCHEMY_API_KEY }} \
--build-arg ALCHEMY_MAINNET_RPC_URL=${{ secrets.ALCHEMY_MAINNET_RPC_URL }} \
--build-arg ALCHEMY_BASE_SEPOLIA_RPC_URL=${{ secrets.ALCHEMY_BASE_SEPOLIA_RPC_URL }} \
--build-arg ALCHEMY_BASE_RPC_URL=${{ secrets.ALCHEMY_BASE_RPC_URL }} \
--build-arg WALLETCONNECT_PROJECT_ID=${{ secrets.WALLETCONNECT_PROJECT_ID }} \
--build-arg SESSION_SECRET=${{ secrets.SESSION_SECRET }} \
--build-arg API_URL=${{ secrets.API_URL_PRODUCTION }} \
--build-arg API_KEY=${{ secrets.API_KEY }} \
--build-arg PRIVY_APP_ID=${{ secrets.PRIVY_APP_ID_STAGING }} \
--build-arg PRIVY_APP_SECRET=${{ secrets.PRIVY_APP_SECRET_STAGING }} \
--build-arg PRIVY_VERIFICATION_KEY="$(cat privy_verification_key.pem)" \
--build-arg CLOUDINARY_CLOUD_NAME=${{ secrets.CLOUDINARY_CLOUD_NAME }} \
--build-arg CLOUDINARY_API_KEY=${{ secrets.CLOUDINARY_API_KEY }} \
--build-arg CLOUDINARY_API_SECRET=${{ secrets.CLOUDINARY_API_SECRET }} \
--build-arg SENTRY_DSN=${{ secrets.SENTRY_DSN }} \
--build-arg SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} \
--build-arg SENTRY_ORG=${{ secrets.SENTRY_ORG }} \
--build-arg SENTRY_PROJECT=${{ secrets.SENTRY_PROJECT }} \
--build-arg VITE_DEPLOY_ENV=staging \
--build-arg ORIGIN_URL=${{ secrets.ORIGIN_URL_PRODUCTION }} \
--build-arg PHOSPHOR_API_KEY=${{ secrets.PHOSPHOR_API_KEY }} \
--build-arg PHOSPHOR_ADMIN_API_URL=${{ secrets.PHOSPHOR_ADMIN_API_URL }} \
--build-arg PHOSPHOR_COLLECTION_ID=${{ secrets.PHOSPHOR_COLLECTION_ID }} \
--build-arg GTM_TRACKING_ID=${{ secrets.GTM_TRACKING_ID }} \
--build-arg FF_FULL_LOCKDOWN_ENABLED=false \
--build-arg FF_INCIDENT_BANNER_ENABLED=false \
--build-arg FF_GENERIC_BANNER_ENABLED=false
docker build --platform linux/x86_64 -t portal -f apps/portal/Dockerfile . \
--build-arg VITE_DEPLOY_ENV=${{ env.ENV }} \
--build-arg SECRETS_MANAGER=${{ env.SECRETS_MANAGER }} \
--build-arg AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \
--build-arg AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \
--build-arg AWS_REGION=${{ secrets.AWS_REGION }}
docker tag portal ${{ env.ECR_IMAGE }}
docker push ${{ env.ECR_IMAGE }}
rm privy_verification_key.pem

- name: Download task definition
shell: bash
87 changes: 24 additions & 63 deletions apps/portal/Dockerfile
@@ -1,82 +1,34 @@
FROM docker.io/node:lts-alpine as base

ARG ALCHEMY_MAINNET_API_KEY=${ALCHEMY_MAINNET_API_KEY}
ARG ALCHEMY_API_KEY=${ALCHEMY_API_KEY}
ARG ALCHEMY_MAINNET_RPC_URL=${ALCHEMY_MAINNET_RPC_URL}
ARG ALCHEMY_BASE_SEPOLIA_RPC_URL=${ALCHEMY_BASE_SEPOLIA_RPC_URL}
ARG ALCHEMY_BASE_RPC_URL=${ALCHEMY_BASE_RPC_URL}
ARG WALLETCONNECT_PROJECT_ID=${WALLETCONNECT_PROJECT_ID}
ARG SESSION_SECRET=${SESSION_SECRET}
ARG API_URL=${API_URL}
ARG API_KEY=${API_KEY}
ARG PRIVY_APP_ID=${PRIVY_APP_ID}
ARG PRIVY_APP_SECRET=${PRIVY_APP_SECRET}
ARG PRIVY_VERIFICATION_KEY=${PRIVY_VERIFICATION_KEY}
ARG CLOUDINARY_CLOUD_NAME=${CLOUDINARY_CLOUD_NAME}
ARG CLOUDINARY_API_KEY=${CLOUDINARY_API_KEY}
ARG CLOUDINARY_API_SECRET=${CLOUDINARY_API_SECRET}
ARG SENTRY_AUTH_TOKEN=${SENTRY_AUTH_TOKEN}
ARG SENTRY_DSN=${SENTRY_DSN}
ARG SENTRY_ORG=${SENTRY_ORG}
ARG SENTRY_PROJECT=${SENTRY_PROJECT}
ARG ORIGIN_URL=${ORIGIN_URL}
ARG PHOSPHOR_API_KEY=${PHOSPHOR_API_KEY}
ARG PHOSPHOR_ADMIN_API_URL=${PHOSPHOR_ADMIN_API_URL}
ARG PHOSPHOR_COLLECTION_ID=${PHOSPHOR_COLLECTION_ID}
ARG GTM_TRACKING_ID=${GTM_TRACKING_ID}
ARG FF_FULL_LOCKDOWN_ENABLED=${FF_FULL_LOCKDOWN_ENABLED}
ARG FF_INCIDENT_BANNER_ENABLED=${FF_INCIDENT_BANNER_ENABLED}
ARG FF_GENERIC_BANNER_ENABLED=${FF_GENERIC_BANNER_ENABLED}
ARG VITE_DEPLOY_ENV=${VITE_DEPLOY_ENV}

ENV ALCHEMY_MAINNET_API_KEY=${ALCHEMY_MAINNET_API_KEY}
ENV ALCHEMY_API_KEY=${ALCHEMY_API_KEY}
ENV ALCHEMY_MAINNET_RPC_URL=${ALCHEMY_MAINNET_RPC_URL}
ENV ALCHEMY_BASE_SEPOLIA_RPC_URL=${ALCHEMY_BASE_SEPOLIA_RPC_URL}
ENV ALCHEMY_BASE_RPC_URL=${ALCHEMY_BASE_RPC_URL}
ENV WALLETCONNECT_PROJECT_ID=${WALLETCONNECT_PROJECT_ID}
ENV SESSION_SECRET=${SESSION_SECRET}
ENV API_URL=${API_URL}
ENV API_KEY=${API_KEY}
ENV PRIVY_APP_ID=${PRIVY_APP_ID}
ENV PRIVY_APP_SECRET=${PRIVY_APP_SECRET}
ENV PRIVY_VERIFICATION_KEY=${PRIVY_VERIFICATION_KEY}
ENV CLOUDINARY_CLOUD_NAME=${CLOUDINARY_CLOUD_NAME}
ENV CLOUDINARY_API_KEY=${CLOUDINARY_API_KEY}
ENV CLOUDINARY_API_SECRET=${CLOUDINARY_API_SECRET}
ENV SENTRY_PROJECT=${SENTRY_PROJECT}
ENV SENTRY_AUTH_TOKEN=${SENTRY_AUTH_TOKEN}
ENV SENTRY_DSN=${SENTRY_DSN}
ENV SENTRY_ORG=${SENTRY_ORG}
ENV ORIGIN_URL=${ORIGIN_URL}
ENV PHOSPHOR_API_KEY=${PHOSPHOR_API_KEY}
ENV PHOSPHOR_ADMIN_API_URL=${PHOSPHOR_ADMIN_API_URL}
ENV PHOSPHOR_COLLECTION_ID=${PHOSPHOR_COLLECTION_ID}
ENV GTM_TRACKING_ID=${GTM_TRACKING_ID}
ENV FF_FULL_LOCKDOWN_ENABLED=${FF_FULL_LOCKDOWN_ENABLED}
ENV FF_INCIDENT_BANNER_ENABLED=${FF_INCIDENT_BANNER_ENABLED}
ENV FF_GENERIC_BANNER_ENABLED=${FF_GENERIC_BANNER_ENABLED}
ENV VITE_DEPLOY_ENV=${VITE_DEPLOY_ENV}

WORKDIR /app

ARG SECRETS_MANAGER
ARG VITE_DEPLOY_ENV
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
ARG AWS_REGION

COPY package.json \
project.json \
project.json \
tsconfig* \
nx.json \
pnpm*.yaml \
.eslintrc.base.cjs \
.verdaccio \
.eslintrc.base.cjs \
.verdaccio \
./

COPY apps/portal ./apps/portal
COPY packages ./packages

RUN apk add --no-cache \
python3 \
make \
gcc \
g++
g++ \
py3-pip \
jq

RUN pip3 install --no-cache-dir awscli --break-system-packages
RUN npm install -g [email protected]

FROM base as build
Expand All @@ -86,9 +38,18 @@ RUN pnpm run portal:build

FROM base
COPY --from=build /app /app

ENV VITE_DEPLOY_ENV=$VITE_DEPLOY_ENV
ENV SECRETS_MANAGER=$SECRETS_MANAGER
ENV AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
ENV AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
ENV AWS_REGION=$AWS_REGION
ENV NX_REJECT_UNKNOWN_LOCAL_CACHE=0
ENV PORT=8080
ENV HOST=0.0.0.0

EXPOSE 8080
CMD [ "pnpm", "run", "portal:start" ]

RUN chmod +x ./apps/portal/entrypoint.sh

ENTRYPOINT ["./apps/portal/entrypoint.sh"]
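Review bot: The `ENV AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID` through `ENV AWS_REGION=$AWS_REGION` lines in the final `FROM base` stage reference build args declared only in the `base` stage; a Dockerfile `ARG` goes out of scope at the end of the stage that declares it, so unless they are re-declared after `FROM base` (they are not in the visible lines) all five `ENV` lines, `VITE_DEPLOY_ENV` included, expand to empty strings and the entrypoint's `aws configure set` runs with blank credentials. If they were re-declared, the IAM keys would instead be persisted as plain environment variables in the pushed image's config, readable with `docker inspect` by anyone who can pull it, which is the worse outcome. The cleaner fix is to drop the `ARG`/`ENV` pairs for the four AWS values, let the container obtain credentials from its ECS task role at runtime, and supply `SECRETS_MANAGER` (and `VITE_DEPLOY_ENV`, if it is only needed at runtime) through the task definition's environment rather than at build time. Note also that the removed `ENV VITE_DEPLOY_ENV=…` in `base` used to make the value visible to the `build` stage; if `pnpm run portal:build` reads it at build time that stage no longer sees it (new-file lines 35-37 are not shown). Finally, `RUN pip3 install --no-cache-dir awscli --break-system-packages` installs an unpinned awscli into the runtime image; pin it (`awscli==<version>`) for reproducibility, or install Alpine's `aws-cli` package in the existing `apk add` next to `jq`.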
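--- a/apps/portal/entrypoint.sh
+++ b/apps/portal/entrypoint.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
+aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
+aws configure set region $AWS_REGION
+aws secretsmanager get-secret-value --secret-id $SECRETS_MANAGER --query SecretString --output text > secrets.json
+
+$(jq -r 'to_entries | .[] | "export \(.key)=\(.value)"' secrets.json)
+
+rm -rf secrets.json
+
+pnpm run portal:start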
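Review bot: The line `$(jq -r 'to_entries | .[] | "export \(.key)=\(.value)"' secrets.json)` does not source the generated `export` statements; command substitution runs its output as one command, so the words are split on whitespace and any secret value containing a space, a newline (a PEM key, for example, which the old build passed as `PRIVY_VERIFICATION_KEY`) or a shell-special character is mangled or executed. The script also has no `set -e`/`set -u`, so if `get-secret-value` fails the app still starts with whatever is in `secrets.json`, and `aws configure set` writes the keys to `~/.aws/credentials` on the container filesystem although the CLI already reads the `AWS_*` environment variables (and, on ECS, the task role) without it. The rewrite below keeps the secret in a shell variable instead of a file, quotes each value with jq's `@sh` before `eval`, and `exec`s the app so it receives container signals directly.

```shell
#!/bin/sh
set -eu

# Credentials come from the ECS task role or AWS_* env vars; nothing is written to ~/.aws.
secrets="$(aws secretsmanager get-secret-value --secret-id "$SECRETS_MANAGER" \
  --query SecretString --output text)"

# Export every top-level key of the secret; @sh single-quotes each value so
# spaces, newlines and quotes survive the eval.
eval "$(printf '%s' "$secrets" | jq -r 'to_entries[] | "export \(.key)=\(.value | tostring | @sh)"')"
unset secrets

exec pnpm run portal:start
```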