ci: Pass master key in deploy.yml, fix secrets file path mismatch

src/main.rs

@@ -82,10 +82,11 @@ async fn main() {
 
     tracing::info!("Migrations successful.");
 
-    if let Ok(file_content) = std::fs::read_to_string("secrets.json") {
-        tracing::info!("Found secrets.json, provisioning");
+    let secrets_path = std::env::var("SECRETS_FILE_PATH").unwrap_or_else(|_| "secrets.json".to_string());
+    if let Ok(file_content) = std::fs::read_to_string(&secrets_path) {
+        tracing::info!("Found secrets file at {}, provisioning", secrets_path);
         let secrets: HashMap<String, String> =
-            serde_json::from_str(&file_content).expect("Invalid secrets.json format");
+            serde_json::from_str(&file_content).expect("Invalid secrets json format");
 
         for (key, value) in secrets {
             let encrypted_val = encrypt_secret(&master_key, &value);
@@ -99,9 +100,10 @@ async fn main() {
             .expect("Failed to insert secret");
         }
 
-        std::fs::rename("secrets.json", "secrets.json.bak")
-            .expect("Failed to rename secrets.json");
-        tracing::info!("Provisioned secrets and renamed to secrets.json.bak");
+        let bak_path = format!("{}.bak", secrets_path);
+        std::fs::rename(&secrets_path, &bak_path)
+            .expect("Failed to rename secrets file");
+        tracing::info!("Provisioned secrets and renamed to {}", bak_path);
     }
 
     let state = AppState {