[AWS Terraform] Unable to use stock image without Master Key #78

@plam626

When we deploy the portal to AWS, it creates an ECS task definition, with a Docker image from the public Docker repo, and a version based on the latest SHA from the master branch of the CovidShield GitHub repo.

When Rails starts, one of the first things that happens is that the file /config/credentials.yml.enc gets read and is decrypted using a master key. That key is usually passed in the environment variables from variables.auto.tfvars or from secrets, etc.

The problem, as I see it (as a non-Shopify member), is that when we use the stock CovidShield portal image, the /config/credentials.yml.enc is baked into the image. However, we do not seem to have the key required to decrypt it.

If we want to use our own credentials, then we would need to roll our own image, unless we can inject them at runtime.

Workaround:

  • start using our own images as we do not have the original master key, or
  • inject our own credentials at runtime.

Request:

  • An AWS image that is not tied to Shopify's master key, and an image with a generic key that others can use.
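
The key-to-file mismatch described in this issue can be checked before deploying. The following is an added example, not code from the issue or from the CovidShield project: a standalone check of whether a given master key decrypts a `credentials.yml.enc` body. It assumes the layout Rails' `ActiveSupport::EncryptedFile` uses (AES-128-GCM, a 32-hex-character key, a Marshal-serialized payload, and base64 `data--iv--tag` parts); the function names, keys and file contents are constructed for illustration.

```ruby
require "openssl"
require "base64"

CIPHER = "aes-128-gcm" # cipher assumed for credentials.yml.enc

# Helper used only to build constructed sample input in the same layout.
def encrypt_credentials(yaml, hex_key)
  cipher = OpenSSL::Cipher.new(CIPHER).encrypt
  cipher.key = [hex_key].pack("H*")
  iv = cipher.random_iv
  cipher.auth_data = ""
  data = cipher.update(Marshal.dump(yaml)) + cipher.final
  [data, iv, cipher.auth_tag].map { |part| Base64.strict_encode64(part) }.join("--")
end

# Returns the decrypted YAML text, or nil when the key does not match the file.
def decrypt_credentials(body, hex_key)
  return nil unless hex_key.to_s.match?(/\A\h{32}\z/) # 16-byte key as hex
  data, iv, tag = body.strip.split("--").map { |part| Base64.strict_decode64(part) }
  return nil unless data && iv && tag
  cipher = OpenSSL::Cipher.new(CIPHER).decrypt
  cipher.key = [hex_key].pack("H*")
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ""
  # final raises on a GCM tag mismatch, so Marshal.load only sees authenticated data.
  Marshal.load(cipher.update(data) + cipher.final)
rescue OpenSSL::Cipher::CipherError, ArgumentError
  nil
end

# Constructed sample values: IMAGE_KEY stands in for the key held by whoever
# built the stock image, OUR_KEY for the key a deployer supplies at runtime.
IMAGE_KEY = "00112233445566778899aabbccddeeff"
OUR_KEY   = "ffeeddccbbaa99887766554433221100"
BAKED_IN  = encrypt_credentials("secret_key_base: constructed-sample\n", IMAGE_KEY)
OUR_FILE  = encrypt_credentials("secret_key_base: our-own-sample\n", OUR_KEY)

if __FILE__ == $PROGRAM_NAME
  { "baked-in file, our key" => [BAKED_IN, OUR_KEY],
    "our file, our key"      => [OUR_FILE, OUR_KEY] }.each do |label, (body, key)|
    puts "#{label}: #{decrypt_credentials(body, key) ? 'decrypts' : 'key mismatch'}"
  end
end
```
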
