diff --git a/.docker/docker-compose.yml b/.docker/docker-compose.yml index 3758dcb..b428de8 100644 --- a/.docker/docker-compose.yml +++ b/.docker/docker-compose.yml @@ -1,4 +1,9 @@ -version: '3' +version: "3" + +secrets: + password: + file: ./secrets/password + services: flame: image: pawelmalak/flame @@ -7,6 +12,8 @@ services: - /path/to/data:/app/data ports: - 5005:5005 + secrets: + - password environment: - - PASSWORD=flame_password + - PASSWORD_FILE=/run/secrets/password restart: unless-stopped diff --git a/.docker/secrets/password b/.docker/secrets/password new file mode 100644 index 0000000..5a613ca --- /dev/null +++ b/.docker/secrets/password @@ -0,0 +1 @@ +flame_docker_secret_password diff --git a/README.md b/README.md index a53474e..502a6e0 100644 --- a/README.md +++ b/README.md @@ -70,6 +70,10 @@ services: restart: unless-stopped ``` +##### Docker Secrets + +All environment variables set can be overwritten by appending `_FILE` to the variable value.For example, you can use `PASSWORD_FILE` to pass through a docker secret instead of `PASSWORD`. If both `PASSWORD` and `PASSWORD_FILE` are set, the docker secret will take precedent. An example using docker secrets is available in [here](.docker/docker-compose.yml). + #### Skaffold ```sh @@ -212,7 +216,7 @@ metadata: - Backup your `db.sqlite` before running script! - Known Issues: - generated icons are sometimes incorrect - + ```bash pip3 install Pillow, beautifulsoup4 diff --git a/package-lock.json b/package-lock.json index 2b444e4..ef91c52 100644 --- a/package-lock.json +++ b/package-lock.json @@ -7754,4 +7754,4 @@ "integrity": "sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w==" } } -} +} \ No newline at end of file diff --git a/utils/init/index.js b/utils/init/index.js index bbc507c..c1cc602 100644 --- a/utils/init/index.js +++ b/utils/init/index.js @@ -1,7 +1,9 @@ const initConfig = require('./initConfig'); const initFiles = require('./initFiles'); +const initSecrets = require('./initSecrets'); const initApp = async () => { + initSecrets(); await initFiles(); await initConfig(); }; diff --git a/utils/init/initSecrets.js b/utils/init/initSecrets.js new file mode 100644 index 0000000..500dfeb --- /dev/null +++ b/utils/init/initSecrets.js @@ -0,0 +1,15 @@ +const { getSecrets } = require('docker-secret'); +const Logger = require('../Logger'); +const logger = new Logger(); + +const initSecrets = () => { + const secrets = getSecrets(); + + for (const property in secrets) { + const upperProperty = property.toUpperCase(); + process.env[upperProperty] = secrets[property]; + logger.log(`${upperProperty} was overwritten with docker secret value`, 'WARN'); + } +}; + +module.exports = initSecrets;