Convox Community

Is it possible to use deploy key for convox env?


My usecase:

I’d like to keep both deploy logic and configuring the app (setting env variable) in the repo. CI system should build it, so first - set up env variables and then deploy the app. I don’t want to stick to my CONVOX_API_KEY, cause if I will die, the whole deployment will stop working. So I’d like to use deploy key. According to doc it works only for “convox build” and “convox deploy” and not for “convox env”. Correct? Or am I missing something?

Hi Filip, I replied to your support ticket but will repeat here as well:
It really isn’t good practice to store your env vars in your repo… Otherwise you may as well just hard-code them into your codebase! Env vars should be for the things that change between environment, and for secrets that you want to keep out of your repo. What’s your use case here?

Let’s continue here, maybe it will be useful for others as well :slight_smile:

I am not going to store secrets in the repository. In my usecase Travis is responsible for building - all sensitive variables are available in the code, but encrypted. Then it is possible to just build again the app, because all the informations are available in the repository.

Travis doc regarding encrypting variables:

Hey @filip.golonka,
Thanks for that, it makes sense! I’ve made changes so this is now possible to do a convox env set and convox env unset with a deploy key and updated the docs to make it clear what else is possible: :smile: