WIP: Implement docker secrets
committed by
Samuel Laulhau
parent
f81e0c8f11
commit
1168dec11b
@@ -133,6 +133,15 @@ The sample above stores the files on the post at `./docker/app/public` and `./do
|
||||
|
||||
:warning: If using bind-mounted host directories make sure they exists and have proper rights. See [here](#create-folders-for-data-persistence) for details.
|
||||
|
||||
## Docker secrets
|
||||
|
||||
:information_source: This feature is borrowed from [mariadb docker image](https://hub.docker.com/_/mariadb).
|
||||
|
||||
As an alternative to passing sensitive information via environment variables, `_FILE` may be appended to the below listed environment variables, causing the initialization script to load the values for those variables from files present in the container. In particular, this can be used to load passwords from Docker secrets stored in _/run/secrets/<secret_name>_ files.
|
||||
|
||||
Supported are these variables:
|
||||
`APP_KEY`, `API_SECRET`, `CLOUDFLARE_API_KEY`, `DB_USERNAME`, `DB_PASSWORD`, `MAIL_USERNAME`, `MAIL_PASSWORD`, `MAILGUN_SECRET`, `S3_KEY`, `S3_SECRET`
|
||||
|
||||
|
||||
## Debugging your Docker setup
|
||||
|
||||
|
||||
@@ -1,6 +1,27 @@
|
||||
#!/usr/bin/env sh
|
||||
set -e
|
||||
|
||||
# usage: file_env VAR [DEFAULT]
|
||||
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
|
||||
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
|
||||
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
|
||||
file_env() {
|
||||
local var="$1"
|
||||
local fileVar="${var}_FILE"
|
||||
local def="${2:-}"
|
||||
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
|
||||
mysql_error "Both $var and $fileVar are set (but are exclusive)"
|
||||
fi
|
||||
local val="$def"
|
||||
if [ "${!var:-}" ]; then
|
||||
val="${!var}"
|
||||
elif [ "${!fileVar:-}" ]; then
|
||||
val="$(< "${!fileVar}")"
|
||||
fi
|
||||
export "$var"="$val"
|
||||
unset "$fileVar"
|
||||
}
|
||||
|
||||
# first arg is `-f` or `--some-option`
|
||||
if [ "${1#-}" != "$1" ]; then
|
||||
set -- php-fpm "$@"
|
||||
@@ -39,4 +60,17 @@ fi
|
||||
chown invoiceninja:www-data /var/www/app/storage
|
||||
chown invoiceninja:www-data /var/www/app/public
|
||||
|
||||
# Initialize values that might be stored in a file
|
||||
file_env 'APP_KEY'
|
||||
file_env 'API_SECRET'
|
||||
file_env 'CLOUDFLARE_API_KEY'
|
||||
file_env 'DB_USERNAME'
|
||||
file_env 'DB_PASSWORD'
|
||||
file_env 'MAIL_USERNAME'
|
||||
file_env 'MAIL_PASSWORD'
|
||||
file_env 'MAILGUN_SECRET'
|
||||
file_env 'S3_KEY'
|
||||
file_env 'S3_SECRET'
|
||||
|
||||
|
||||
exec docker-php-entrypoint "$@"
|
||||
|
||||
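Review bot: `file_env` in the first hunk uses `${!var}` and `${!fileVar}` indirect expansion and `$(< file)`, which are not POSIX sh, while the script keeps the `#!/usr/bin/env sh` shebang. If `sh` in the image is dash or BusyBox ash, the first `file_env 'APP_KEY'` call will most likely fail with a bad-substitution error and `set -e` will stop the container from starting. Change the shebang to `#!/usr/bin/env bash` if bash is installed in the image, or rewrite the lookups in POSIX sh. The both-set branch calls `mysql_error`, which is not defined in the visible hunks and appears to be carried over from the MariaDB entrypoint; replace it with `echo "Both $var and $fileVar are set (but are exclusive)" >&2; exit 1` so a misconfiguration fails with a clear message. Also note that `export "$var"="$val"` runs when neither source is set, so each listed variable is exported as an empty string and may shadow a value supplied another way (for example a `.env` file, to be confirmed); guarding it with `[ -n "$val" ]` would avoid that.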