Skip to content

README.md

Latest commit

 

History

History
85 lines (59 loc) · 2.04 KB

README.md

File metadata and controls

85 lines (59 loc) · 2.04 KB

BlindPass on GCP Cloud Run

Deploy BlindPass to GCP Cloud Run using the free tier. No VM required.

Prerequisites

  1. GCP project with billing enabled
  2. gcloud CLI installed and authenticated: 
    gcloud auth application-default login
  3. Supabase projectsupabase.com → New project → copy the Transaction pooler connection string from Settings → Database
  4. Upstash Redisupstash.com → New database → copy the REDIS_URL
  5. Terraform ≥ 1.5 — developer.hashicorp.com/terraform/install

Quickstart

cd terraform

# 1. Copy and fill in variables
cp terraform.tfvars.example terraform.tfvars
$EDITOR terraform.tfvars

# 2. Initialise providers
terraform init

# 3. Preview changes
terraform plan

# 4. Apply (creates all resources + runs migrations)
terraform apply

After apply, Terraform prints dns_setup_instructions. Add those DNS records at your registrar.

Cloud Run provisions a managed TLS certificate automatically once DNS propagates (up to 24 hours).

Verify

curl https://blindpass.example.com/health
# {"status":"ok","db":"ok"}

Update to a new image tag

terraform apply -var="image_tag=1.2.3"

This updates both services and re-runs the migration job automatically.

Destroy

terraform destroy

Warning: This deletes all Cloud Run services, secrets, and service accounts. Your Supabase database and Upstash Redis are not affected (they are not managed by this module).

Variables

See modules/blindpass/README.md for the full variable reference.

GCS state backend (recommended for production)

Add to versions.tf before running terraform init:

terraform {
  backend "gcs" {
    bucket = "my-tf-state-bucket"
    prefix = "blindpass"
  }
}

Create the bucket first:

gcloud storage buckets create gs://my-tf-state-bucket \
  --location=us-east1 \
  --uniform-bucket-level-access