https://www.prisma.io/ logo
Join Slack
Powered by
I just deployed a prisma server with fargate and I...
# orm-help
c
I just deployed a prisma server with fargate and I have the endpoint exposed with a public IP, which makes it easy to do 
prisma deploy
but clearly is not secure. I want to make it only accessible to my api server internally, but then I don’t know how to run the deploy command. How have other solved this?
I’m trying to run the 
prisma deploy
in my dockerfile when I deploy my API but I’m running into authentication errors when I try
t
You can protect your prisma server with a secret
j
add ManagementApiSecret to the docker-compose and fargate.yml
👍 1
then with it running locally, 
prisma token
will give you an access token
c
thanks @taikn and @Jared although I do have managementApiSecret set on my deployment but I can still access it anywhere
for example the public ip still has /_admin accessible
and I can deploy without setting any special token from my local cli
j
admin panel should be able to load
but without a token, no data will be accesible
if you click the little gear in the top right of the admin panel, is there a token?
c
nope, it’s a blank field
I have something like this when I deploy my server
Copy code
port: PORT
managementApiSecret: SECRET
databases:
  default:
    migrations: true
    connector: postgres
    host: DATABASE_HOST
    port: DATABASE_PORT
    user: DATABASE_USER
    password: DATABASE_PASSWORD
j
do you have the env var in the params at the top of the fargate.yml file?
Copy code
Parameters:
...
  ManagementApiSecret:
    Description: The secret for your Prisma server.
    Type: String
c
I’m not running it from the fargate.yml cloudformation
j
ok, just from the docker?
c
I have a Dockerfile
j
i didnt set ours up, but i'm snooping on the files to see what might be needed
c
j
when you run it locally, do you have the same result?
c
to be honest I haven’t run this build locally, let me try
ah well in this setup I won’t be able to since the DB is on a VPC that I can’t connect to on my local
j
you could spin up a db locally and point to that
c
ok I’ll give that a try and report back
j
I think if it performs as expected locally, it's a deployment issue
so maybe the secret isn't being set, or you added it later and it needs to be restarted or something
c
ok gotcha thanks @Jared I’ll try and get this db running locally
j
👍
c
turns out I didn’t have 
secret: ${env:PRISMA_MANAGEMENT_API_SECRET}
set in my 
prisma.yml
when I deployed. Now that I added that it looks like I can’t access data at 
/_admin
. Just so I’m clear, now that I’ve deployed with that in my 
prisma.yml
my server should be protected correct?
j
the prisma endpoint is protected
n
Looks like the service API is secured, but make sure the 
managementApiSecret
is being set to secure the management API
2 Views
Open in Slack
PreviousNext
Powered by