feat: SSH key rotation guide + .env.app preflight check#18
Merged
Conversation
- docs: new SSH Key Rotation section in VPS_DEPLOY.md (quarterly cadence, zero-downtime two-key window, recovery via provider console) - cd.yml: preflight SSH step that fails with a pointer to docs if ~/.env.app is missing or unreadable, warns on world-readable perms (octal-aware bitmask) - docs: section 5 now states ~/.env.app must pre-exist and documents the 600 permission expectation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two small polish items deferred from the last review pass.
.env.apppreflight (cd.yml): a new SSH step that runs beforedocker compose up -d --wait. It fails the workflow with a clear doc pointer if~/.env.appis missing or unreadable, and warns (does not fail) when the file is world-readable.~/.env.appmust pre-exist and thatchmod 600is the recommended permission.The preflight lives in
cd.ymlrather thanscripts/deploy-with-rollback.shbecause the shared script is also used by the CI rollback integration test (which runs without an env file on the runner) — keeping env-file assumptions in the production-only workflow preserves that symmetry.Test plan