Metabase Infrastructure Setup Summary
Date: 2025-11-22
Status: ✅ Infrastructure Created
Cloud SQL Instances Created
Staging (barto-dev)
- Instance: metabase-db-staging
- Connection Name: barto-dev:us-central1:metabase-db-staging
- Database: metabase
- User: metabase_user
- Password: pDOiV4mWp0UmC8cmCblyASd7BvQbJY4L
- IP Address: 34.136.122.140
Production (barto-prod)
- Instance: metabase-db-production
- Connection Name: barto-prod:us-central1:metabase-db-production
- Database: metabase
- User: metabase_user
- Password: iNE3VNQz1qYH9OLi64XQwG5K9CVM/fJv
- IP Address: 35.224.51.247
JWT Secret for Embedding
Secret: JgFkxtEZcrFLe10MYvewNRN43fkQ8uxOzDpvLUOEsiA=
⚠️ IMPORTANT: This secret must be identical in both Metabase Cloud Run and your backend Doppler config.
Next Steps: Configure Doppler Secrets
Option 1: Use the Setup Script
# Authenticate with Doppler first
doppler login
# Run the setup script for staging
./scripts/setup-metabase-doppler-secrets.sh staging
# Run the setup script for production
./scripts/setup-metabase-doppler-secrets.sh production
Option 2: Manual Configuration
Staging Environment
# Database configuration
doppler secrets set METABASE_DB_TYPE=postgres \
--project flowpos-workspace --config staging
doppler secrets set METABASE_DB_NAME=metabase \
--project flowpos-workspace --config staging
doppler secrets set METABASE_DB_USER=metabase_user \
--project flowpos-workspace --config staging
doppler secrets set "METABASE_DB_PASS=pDOiV4mWp0UmC8cmCblyASd7BvQbJY4L" \
--project flowpos-workspace --config staging
doppler secrets set "METABASE_DB_CONNECTION=barto-dev:us-central1:metabase-db-staging" \
--project flowpos-workspace --config staging
# Connection URI (password URL-encoded)
doppler secrets set "METABASE_DB_CONNECTION_URI=postgresql://metabase_user:pDOiV4mWp0UmC8cmCblyASd7BvQbJY4L@/metabase?host=/cloudsql/barto-dev:us-central1:metabase-db-staging" \
--project flowpos-workspace --config staging
# Application configuration
doppler secrets set "METABASE_SITE_URL=https://flowpos-metabase-staging-xxxxx.a.run.app" \
--project flowpos-workspace --config staging
doppler secrets set "METABASE_EMBED_SECRET_KEY=JgFkxtEZcrFLe10MYvewNRN43fkQ8uxOzDpvLUOEsiA=" \
--project flowpos-workspace --config staging
doppler secrets set MB_ANON_TRACKING_ENABLED=false \
--project flowpos-workspace --config staging
doppler secrets set MB_ENABLE_PUBLIC_SHARING=false \
--project flowpos-workspace --config staging
Production Environment
# Database configuration
doppler secrets set METABASE_DB_TYPE=postgres \
--project flowpos-workspace --config production
doppler secrets set METABASE_DB_NAME=metabase \
--project flowpos-workspace --config production
doppler secrets set METABASE_DB_USER=metabase_user \
--project flowpos-workspace --config production
doppler secrets set "METABASE_DB_PASS=iNE3VNQz1qYH9OLi64XQwG5K9CVM/fJv" \
--project flowpos-workspace --config production
doppler secrets set "METABASE_DB_CONNECTION=barto-prod:us-central1:metabase-db-production" \
--project flowpos-workspace --config production
# Connection URI (password URL-encoded)
doppler secrets set "METABASE_DB_CONNECTION_URI=postgresql://metabase_user:iNE3VNQz1qYH9OLi64XQwG5K9CVM%2FfJv@/metabase?host=/cloudsql/barto-prod:us-central1:metabase-db-production" \
--project flowpos-workspace --config production
# Application configuration
doppler secrets set "METABASE_SITE_URL=https://flowpos-metabase-production-xxxxx.a.run.app" \
--project flowpos-workspace --config production
doppler secrets set "METABASE_EMBED_SECRET_KEY=JgFkxtEZcrFLe10MYvewNRN43fkQ8uxOzDpvLUOEsiA=" \
--project flowpos-workspace --config production
doppler secrets set MB_ANON_TRACKING_ENABLED=false \
--project flowpos-workspace --config production
doppler secrets set MB_ENABLE_PUBLIC_SHARING=false \
--project flowpos-workspace --config production
Backend Configuration
The backend also needs the JWT secret:
# Staging
doppler secrets set "METABASE_SITE_URL=https://flowpos-metabase-staging-xxxxx.a.run.app" \
--project flowpos-workspace --config staging
doppler secrets set "METABASE_EMBED_SECRET_KEY=JgFkxtEZcrFLe10MYvewNRN43fkQ8uxOzDpvLUOEsiA=" \
--project flowpos-workspace --config staging
# Production
doppler secrets set "METABASE_SITE_URL=https://flowpos-metabase-production-xxxxx.a.run.app" \
--project flowpos-workspace --config production
doppler secrets set "METABASE_EMBED_SECRET_KEY=JgFkxtEZcrFLe10MYvewNRN43fkQ8uxOzDpvLUOEsiA=" \
--project flowpos-workspace --config production
Important Notes
- Update METABASE_SITE_URL: After the first deployment, update METABASE_SITE_URL in Doppler with the actual Cloud Run URL (replace xxxxx with the actual service URL).
- Password URL Encoding: If the password contains special characters (like /), they need to be URL-encoded in the connection URI:
  - / becomes %2F
  - + becomes %2B
  - etc.
- Verify Secrets: After setting secrets, verify them:
doppler secrets --project flowpos-workspace --config staging | grep METABASE
doppler secrets --project flowpos-workspace --config production | grep METABASE
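The encoding rule from the Password URL Encoding note, as an added example that is not part of the original setup scripts: it percent-encodes the credentials, builds the Cloud SQL socket URI in the shape used above, and shows how a parser reads the URI with and without encoding. Function names, the sample password and the connection name are constructed for illustration.

```python
from urllib.parse import parse_qs, quote, unquote, urlsplit


def build_metabase_db_uri(user, password, database, connection_name):
    """Build a Cloud SQL unix-socket URI with user and password percent-encoded."""
    # safe="" matters: by default quote() leaves "/" unencoded, which is the
    # exact character the note above warns about.
    userinfo = f"{quote(user, safe='')}:{quote(password, safe='')}"
    return f"postgresql://{userinfo}@/{database}?host=/cloudsql/{connection_name}"


def parsed_credentials(uri):
    """Return (user, password, database, socket_dir) as a URI parser sees them."""
    parts = urlsplit(uri)
    # Everything before the last "@" in the authority is userinfo.
    user, _, password = parts.netloc.rpartition("@")[0].partition(":")
    socket_dir = parse_qs(parts.query).get("host", [""])[0]
    return unquote(user), unquote(password), parts.path.lstrip("/"), socket_dir


def password_round_trips(uri, password):
    """True when the password recovered from the URI equals the original."""
    return parsed_credentials(uri)[1] == password


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    pw = "p/a+s@s:w"
    conn = "example-project:us-central1:example-db"
    encoded = build_metabase_db_uri("metabase_user", pw, "metabase", conn)
    raw = f"postgresql://metabase_user:{pw}@/metabase?host=/cloudsql/{conn}"
    print(encoded, password_round_trips(encoded, pw))
    # Unencoded, the first "/" ends the authority and the password is lost.
    print(raw, password_round_trips(raw, pw))
```

Running the round-trip check before storing METABASE_DB_CONNECTION_URI catches a password that was pasted in unencoded.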
What's Next?
After configuring Doppler secrets:
- Deploy Metabase (Phase 4): Create a PR with the Metabase changes and merge to trigger deployment
- Connect to App Database: After Metabase is running, connect it to your app database via Metabase UI
- Create Dashboards: Create test dashboards with business_id parameters
- Test Integration: Test the embed URLs and frontend components
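Why the embedding secret must match on both sides, and what the business_id parameter is for when testing embed URLs, as an added example that is not code from this project: the backend signs a short-lived HS256 token that pins business_id, and verify_embed_token stands in for the check the receiving side performs with its copy of the key. The secrets, site URL, dashboard id and function names are constructed; it assumes the key string is used as-is for HMAC and that business_id is set up as a locked parameter.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _mac(secret: str, signing_input: str) -> str:
    # Assumption: the key string is used as-is as the HMAC key (not base64-decoded).
    return b64url(hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest())


def sign_embed_token(secret, dashboard_id, business_id, ttl_s=600, now=None):
    """Backend side: HS256 JWT that pins business_id for one dashboard."""
    now = int(time.time()) if now is None else now
    payload = {
        "resource": {"dashboard": dashboard_id},
        # Taken from the authenticated session, never from a browser-supplied value.
        "params": {"business_id": business_id},
        "exp": now + ttl_s,  # short lifetime limits reuse of a leaked URL
    }
    parts = ({"alg": "HS256", "typ": "JWT"}, payload)
    signing_input = ".".join(b64url(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    return f"{signing_input}.{_mac(secret, signing_input)}"


def verify_embed_token(secret, token, now=None):
    """Stand-in for the receiving side: payload if signature and expiry hold, else None."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
    except ValueError:
        return None
    if not hmac.compare_digest(_mac(secret, f"{head}.{body}").encode(), sig.encode()):
        return None
    payload = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    return payload if payload.get("exp", 0) > now else None


def embed_url(site_url, token):
    return f"{site_url.rstrip('/')}/embed/dashboard/{token}#bordered=true&titled=true"
```

A token signed with one key and verified with another returns None, which is how a mismatch between the two Doppler values shows up in an integration test.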