Personal SYs OPS

Screenshot of the psyops Docker image running in a terminal

This is how I manage my own infrastructure. It’s a project, but it’s not really intended for public consumption… in particular, documentation is pretty much nonexistent.

It’s a repo that builds a Docker image with all the prerequisites I need, like libraries for talking to AWS and so forth. I commit encrypted secrets to the repo, and then start the image and run psecrets unlock. That prompts me for my GPG passphrase, and once it’s entered correctly, I can deploy to all my infrastructure seamlessly. The Docker image is intended to be short-lived, so that my secret key stays out of memory unless necessary. It also is a great way to work if you want to deploy from machines on different OSes, because the prereqs can be built into the Docker image one time, and then run from anywhere.

The code may be useful to others in bits and pieces though. I have referenced it from a few blog posts: