Launcher build with injected credentials


I’m trying to avoid keeping database credentials stored permanently in any sort of yml file.

I thought that I could use this workflow:

  1. Export options like DISCOURSE_DB_PASSWORD as environment variables, omitting them from my yml
  2. Run launcher rebuild web-only.yml or launcher bootstrap web-only.yml depending on what I’m doing

However, when I try this, the bootstrap process is quite clearly still trying to the database locally.

Is what I’m trying to do even possible? I thought I saw some kind of reference to this sort of setup being a possibility.