2 months ago
I have a build step that I need to run one shell script and one python script in order to generate and decrypt a certificate in order to authenticate me to a financial service I'm integrating with, how do I do this with railpack? or I'll need to use exclusively Dockerfile?
16 Replies
2 months ago
Hey there! We've found the following might help you get unblocked faster:
If you find the answer from one of these, please let us know by solving the thread!
2 months ago
and yes, I'll need to eventually write the certificate path into service variables but first I need to actually generate the keys and certificates inside the build container.
2 months ago
It is a Go service by the way, but the build step require python and shell commands
2 months ago
I highly recommend just using a Dockerfile. Do you need assistance creating one?
2 months ago
Furthermore I would recommend writing all you need to happen in a shell script and executing it from the Dockerfile as opposed to going through command by command directly. Something like generate-certificates.sh
2 months ago
Why would you require shell and python for a go app?
irazvan2745
Why would you require shell and python for a go app?
2 months ago
@loudbook, I'll take your recommendation and just write a Dockerfile with accurate instructions, thank you.
2 months ago
oops. I answered the wrong person.
irazvan2745
Why would you require shell and python for a go app?
2 months ago
Not for the Go app, but for certain certificates I need to generate in order to authenticate my service calls to a financial API.
If you're not authenticated, e.g don't have the certificates, they won't allow any of my calls.
2 months ago
If your certificate is intended to stay private embedding it into a Dockerfile at build time might not be a good idea security-wise. Assuming your certificate is static and requires no runtime changes I'd suggest you to embed your certificate as environment variable/secret.
This also would make it easier to scale your service.
Once certificate is available as ENV you can update your app to read the contents of it from a ENV variable. If your app need the cert to be a file, you can make a custom start command like this one echo "$CERT_VAR" > cert.pem && the_command_to_start_your_app
vedmaka
If your certificate is intended to stay private embedding it into a Dockerfile at build time might not be a good idea security-wise. Assuming your certificate is static and requires no runtime changes I'd suggest you to embed your certificate as environment variable/secret.This also would make it easier to scale your service.Once certificate is available as ENV you can update your app to read the contents of it from a ENV variable. If your app need the cert to be a file, you can make a custom start command like this one echo "$CERT_VAR" > cert.pem && the_command_to_start_your_app
2 months ago
What if it's a .key and a .pem file? both need to be available to authenticate.
2 months ago
but I get your idea
2 months ago
You can have two ENV vars, one for key and one for pem and then extend the start command with something like echo "$CERT_VAR" > cert.pem && echo "$KEY_VAR" > key.key && command_to_start_you_app or just update your app to source key and cert from related ENVs
2 months ago
I believe they said that it needs to be generated decrypted each time? I don't think they would be able to just put them in a variable.
2 months ago
either way, I just switched from railpack to straightforward Dockerfile and It worked, thanks everyone.
2 months ago
I want to mark this thread as closed.
Status changed to Solved noahd • about 2 months ago