- You're packaging (i.e. want to create SXG for)
amp.dev
(this exact domain), and the appropriate certificates are in thecerts/
directory. - You're deploying to the Google Cloud project
amp-dev-sxg
, and the password to decrypt the key will be available via project-wide custom metadata at http://metadata.google.internal/computeMetadata/v1/project/attributes/password (seedecrypt.sh
).
If either of these is not true, you will need to make changes to make the
correct certificate available, and to ensure the unencrypted certificates make
it onto the container. Please see Dockerfile
and decrypt.sh
, and the sample
command for encryption and decription at the bottom of this file. It may also be
useful to be aware of how to pass environment variables to Docker via the
--env
command.
# deploy
$ cd .. && gulp packagerDeploy
# build local Docker image called "amppkg"
$ docker build -t amppkg .
# create local container from Docker image, expose ports (uses CMD)
$ docker run -p 8080:8080 --env PASSWORD=$PASSWORD amppkg
# create (local) container from Docker image and provide shell (ignore CMD)
$ docker run -it amppkg bash
Encrypt file:
openssl aes-256-cbc -md md5 -e -k $PASSWORD -in plain.pem -out encrypted.pem.enc
Decrypt file:
openssl aes-256-cbc -md md5 -d -k $PASSWORD -in encrypted.pem.enc -out plain.pem