ahmido/lms
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6ba9651f34
lms/specs/001-add-dokploy-deploy/checklists/deployment-credentials.md

2.2 KiB
Raw Blame History

Dokploy Project-Level Secrets (deployment-credentials)

Purpose: document how to add and manage Dokploy project-level secrets that Dokploy will use to access repositories or external resources.

  1. In Dokploy, open the project settings for this repository/project.
  2. Navigate to "Secrets" or "Project-level secrets".
  3. Add a secret named REPO_DEPLOY_KEY containing a deploy key or token the Dokploy runner can use to clone the Gitea repository (recommended: SSH key or personal access token with repo read access).
  4. Add any other required secrets (e.g., registry credentials) and mark them as masked.
  5. In project configuration, reference the secret names so Dokploy injects them into the deploy environment.

Security notes:

  • Use least-privilege tokens (read-only where possible).
  • Rotate keys periodically and document rotation steps in the runbook.
  • Do not commit secrets into repository files; store them only in Dokploy secrets or an external vault.

Example: adding the provided deploy SSH public key

  1. Create a new secret named REPO_DEPLOY_KEY (type: ssh key) in the Dokploy project secrets.
  2. Paste the following public key as the value for REPO_DEPLOY_KEY (label recommended: dokploy):
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCWNMhk+l4wY22aanXLRv0ATXwq3qwmePprMpTHxjUHakEfmefLlD0EGmSFJpMX+/owKyfyo6gJBRGtmUJtJPMIOgxb9GRhrs7vXHYhjw/RhTAfo45CGrnuqbDBp4OmDqe2Cdm7801UxzuJEbP+5Vtehg2uumKKWzWodTzMP7RjSAXEZHOh8+NhoK5LtMJzKHqw/lm0+q1evfL9LQ2POJBxgWdYYa/A7P3ZCGY4XjjdwB2Gh6hRKyy+ZQsuUximCQEAPCmRnKI0FyLXqLvlXCvyFUyKctlLvazQ7YgWLIVrVee14pQq/rr0lvagf3ODcJJF+dnWOjpPC6YzpPJV20/a2sHlr24dr50E1aNoh9OZVTayTcY7PBWkju3MaQXK3xL7OxnLs/c/juwu/6TOsqCjaUJXJcIDsniwjq2htaAqiweNfGZYp0gcE7D/O4cQShE/BMtxa2dLggcRUBA9UJptXkPS/fE2unjhxlH/c3PJqpFbSDh8WuCVVGa67ezd2FpqOd1zFbdf1tuUjEerwQvOwTGT4x1AuFiciYTd85sTWejR7CQ7IRR+Zms9QHvhYifAc3N2NP4rNh64o0nXUgON66uFrABEdHGGXIyrRJw6KTNJFrrgENEeeb0Q42fuPkMe9a8DFmqNxWzVcIEnRSsCnOM5rTJnLQzMoBjuyVp4Sw== dokploy

  1. Ensure the Dokploy project configuration references REPO_DEPLOY_KEY for repository clone operations and Git LFS access.

  2. Optionally, add a short note in the project config: "This key is used by Dokploy to clone the ahmido/lms repo and fetch LFS objects."