I am changing my deployment from AWS to Heroku. My back-end application is built with the Node-Hapi-MongoDB (mLab) stack. However, I want to hide my environment variables (i.e. MongoDB URL, Token, JsonWebToken Secret, etc.). So I have implemented git-crypt successfully with GitHub and AWS. It worked fine, but I had to manually decrypt on the AWS server.
So when I try to deploy to Heroku with the command:
git push heroku master
I can see that the files encrypted by git-crypt do not get decrypted.
I have tried to follow this README: heroku-buildpack-git-crypt
But I could not understand a few things:
- You have to create a gpg key for your heroku app: gpg --default-new-key-algo rsa4096 --gen-key
Every time I try to create a gpg key with this command, I receive the following message:
Note that this key cannot be used for encryption. You may want to use
the command "--edit-key" to generate a subkey for this purpose.
- Then, you have to add this key to your repository to make it a contributor:
git crypt add-gpg-user <email of your key for your heroku app>
My repository already had git-crypt, but with a different email than the one I am using in Heroku. Does the email have to be the same?
- After that, you have to specify GPG_PRIVATE_KEY in Heroku with contents of the private key.
What is the GPG_PRIVATE_KEY in Heroku with contents, and how can I get this information?
My question is: how can I configure git-crypt with Heroku? Or:
Is there an automated way of deploying an encrypted GitHub repo to Heroku and, inside the Heroku environment, decrypting it and running the application?