[User Story] Create .env.secrets migration runbook #92
Description
Story Summary
As a platform engineer, I want to create a runbook for the one-time .env.secrets migration, so that the secrets file can be properly set up on block storage before deployment.
✅ Acceptance Criteria
- Runbook created in
docs/runbooks/directory - Step-by-step instructions for extracting secrets from current
.env - Instructions for creating
.env.secretswith correct format - File permission requirements documented (0600)
- Verification steps included
- Rollback procedure documented
📝 Additional Context
- Design: This is a one-time migration task performed before the first deployment
- Secrets to extract: DATABASE_PASSWORD, DATABASE_ROOT_PASSWORD, HEALTH_CHECK_TOKEN, mail__options__auth__pass
- The runbook should be safe to commit (no actual secret values)
📦 Definition of Ready
- Acceptance criteria defined
- No unresolved external dependencies
- Story is estimated
- Team has necessary skills and access
- Priority is clear
- Business value understood
✅ Definition of Done
- All acceptance criteria met
- Runbook is clear and actionable
- Peer-reviewed
- No sensitive information in runbook