Make the safe path the repeatable path
Agala Deploy turns a chain of sensitive deployment steps into one explicit contract. The container receives credentials and target configuration, prepares a constrained execution environment, resolves the inventory, and hands control to Ansible.
This is intentionally not a general deployment platform. It solves a concrete operating model well: static or containerized applications delivered through CI to managed VPS infrastructure.
Security as structure
The project keeps encrypted secrets outside application repositories, validates partial registry configuration, writes SSH material with restricted permissions, and avoids persisting the working environment after the container exits.
What it demonstrates
- Go used as a compact systems-integration language
- CI/CD design around explicit inputs and failure modes
- Practical secrets management with SOPS and age
- Operational tooling built for repeatability rather than spectacle