Google Sign-In Required

Use your company Google account to access the BetterFleet private content.

Back to private home

BetterFleet Support Private
Skip to content
BetterFleet Dev Wiki
Secrets and Env Strategy
Initializing search
    bf-dev
    • Home
    • Product Capabilities
    • Process
    • Current Work
    • System Design
    • Software Reference
    • Operations
    bf-dev
    • Home
      • Overview
      • Manage
      • Overview
      • Product Engineering Workflow
      • Product Engineering Delivery
      • Product Engineering Workflow in Linear
        • GitLab Feature Flags
        • In-App Docs Authoring
        • Release Notes
      • Templates
      • Publishing
      • Workflow Companions
      • Overview
      • Active Artifacts
      • Backlog Artifacts
      • Archived Artifacts
      • Overview
      • Microgrid
      • OSCP
        • Challenge
        • Specification
        • Spec
        • Architecture
        • Overview
        • Script Runtime Model
        • Compose Profiles and Modes
        • Repo Topology
        • CI and Release Integration
        • Overview
        • Internal Application Diagrams
          • Overview
          • Web Model
          • Core Model
        • Service Interaction Flows
        • Data and State
          • Index
          • bf-manage-web
          • bf-manage-core
          • bf-manage-connect
          • bf-manage-sitepwrmon
          • bf-manage-incidents
          • bf-telematics
          • bf-depot-sim
          • bf-manage-roaming
          • bf-support-microsite
          • bf-digital-twin
          • bf-schedule-creator
        • Overview
        • Internal Application Diagrams
        • Migration and Flags
        • Simulation Request Lifecycle
          • Index
          • bf-bnl-ui
          • bf-bnl-settings
          • bf-bnl-schedule-analysis-compute
          • bf-route-modelling
          • bf-schedule-creator
          • bf-digital-twin
        • Overview
        • Secrets and Env Strategy
          • Source of Secrets
          • Flow Diagram
          • Rotation and Validation
        • Vendors and Local Dependencies
        • ADRs
        • Service Matrix
        • Cloud Dependencies
        • Ports and URLs
      • Onboarding
      • Daily Operations Runbook
        • Overview
        • Staging Hotfix Release
        • Production Hotfix Release
        • Terraform Plan Dry Runs
      • Troubleshooting
      • Testing Guide
    • Source of Secrets
    • Flow Diagram
    • Rotation and Validation

    Secrets and Env Strategy¶

    Source of Secrets¶

    • Canonical source: 1Password vault items
    • Injection mechanism: op inject in ./init
    • Templates in git: *.env.tmpl
    • Runtime outputs not committed: .env, service/.env

    Flow Diagram¶

    flowchart TD
  Vault[1Password vault item] --> Tmpl[Environment templates]
  Tmpl --> Inject[Init secret injection]
  Inject --> Root[Root environment file]
  Inject --> ServiceEnv[Service env files]
  Root --> Compose[Compose interpolation]
  ServiceEnv --> Compose
  Compose --> Runtime[containers]

    Rotation and Validation¶

    ./init validates GitLab credentials before cloning dependencies, reducing broken local setup due to expired credentials.

    Made with Material for MkDocs