[20170421193816] Secure Environment Variables

Secure Environment

A secure environment can be specified for a container in the docker-compose.yml file by adding convox.environment.secure=true to the labels, like so:

version: "2"

services:
  web:
    build: .
    ports:
      - 4444:4444
    labels:
      - convox.environment.secure=true

Once the secure environment is enabled, 3 environment variables will be passed into the container at runtime. These variables are:

  • SECURE_ENVIRONMENT_URL - The URL of the S3 file that contains the environment (encrypted with KMS)
  • SECURE_ENVIRONMENT_TYPE - The type of the encrypted file in S3. This is reserved for future use; for now the value is always envfile
  • SECURE_ENVIRONMENT_KEY - The ARN of the KMS key, used to decrypt the environment file referenced by SECURE_ENVIRONMENT_URL

See #2150 and #2160 for more information
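
As an added example (not Convox's own code), an entrypoint preflight that a container could run before it fetches and decrypts the environment: it fails closed if any of the three variables is missing, if the type is anything other than envfile, or if the key is not shaped like a KMS key ARN. The function name check_secure_env is hypothetical, and the ARN pattern is the general AWS key ARN format, not something this page specifies.

```shell
#!/bin/sh
# Preflight for the three variables injected when convox.environment.secure=true.
# Returns 0 when they are usable; otherwise prints a reason and returns
# 1 (URL), 2 (type) or 3 (key) so the entrypoint can refuse to start.
check_secure_env() {
  # The page does not state the URL scheme, so only require a value.
  if [ -z "${SECURE_ENVIRONMENT_URL:-}" ]; then
    echo "secure env: SECURE_ENVIRONMENT_URL is not set" >&2
    return 1
  fi

  # Only "envfile" is defined today. Reject anything else so a future
  # format is never parsed as if it were an envfile.
  case "${SECURE_ENVIRONMENT_TYPE:-}" in
    envfile) ;;
    *)
      echo "secure env: unsupported SECURE_ENVIRONMENT_TYPE" >&2
      return 2
      ;;
  esac

  # Reject characters that never occur in a key ARN (spaces, newlines,
  # quotes, ...) before the structural check below.
  case "${SECURE_ENVIRONMENT_KEY:-}" in
    "" | *[!A-Za-z0-9:/-]*)
      echo "secure env: SECURE_ENVIRONMENT_KEY is missing or malformed" >&2
      return 3
      ;;
  esac

  # Assumed shape: arn:<partition>:kms:<region>:<12-digit account>:key/<id>
  if ! printf '%s\n' "$SECURE_ENVIRONMENT_KEY" |
    grep -Eq '^arn:aws[a-z-]*:kms:[a-z0-9-]+:[0-9]{12}:key/[A-Za-z0-9-]+$'; then
    echo "secure env: SECURE_ENVIRONMENT_KEY is not a KMS key ARN" >&2
    return 3
  fi
  return 0
}

# Typical use at the top of an entrypoint script:
#   check_secure_env || exit 1
```
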

Remove instance type check

The instance type check has been removed so that users are not blocked when a new instance type is introduced. Typos will no longer be immediately obvious, because validating the type is now CloudFormation's responsibility. If an invalid type is specified, the rack will eventually roll back and show the original instance type.

See #2165 for more information