mirror of
https://github.com/plankanban/planka.git
synced 2025-08-03 12:35:26 +02:00
fix: Read secret files without requiring trailing newline
Closes #1222, closes #1272
parent
c272a65015
commit
a37a6b45b1
1 changed files with 21 additions and 33 deletions
|
@ -2,46 +2,34 @@
|
||||||
|
|
||||||
set -eu
|
set -eu
|
||||||
|
|
||||||
# Load secrets from files if *__FILE variables are provided.
|
# Load secrets from files if corresponding *__FILE environment variables are set.
|
||||||
# Only the first line of each file is read (newline excluded).
|
# Only the first line of each file is read (stripping carriage returns and newlines).
|
||||||
|
|
||||||
|
read_secret() {
|
||||||
|
local file="$1"
|
||||||
|
head -n 1 "$file" | tr -d '\r\n'
|
||||||
|
}
|
||||||
|
|
||||||
|
load_secret() {
|
||||||
|
local envar="$1"
|
||||||
|
local file="${envar}__FILE"
|
||||||
|
if [[ -z "${!envar:-}" && -e "${!file:-}" ]]; then
|
||||||
|
export "$envar"="$(read_secret "${!file}")"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# DATABASE_PASSWORD (used to dynamically inject into DATABASE_URL)
|
|
||||||
if [[ -n "${DATABASE_URL}" ]]; then
|
if [[ -n "${DATABASE_URL}" ]]; then
|
||||||
if [[ -z "${DATABASE_PASSWORD:-}" && -e "${DATABASE_PASSWORD__FILE:-}" ]]; then
|
if [[ -z "${DATABASE_PASSWORD:-}" && -e "${DATABASE_PASSWORD__FILE:-}" ]]; then
|
||||||
read DATABASE_PASSWORD < "${DATABASE_PASSWORD__FILE}"
|
DATABASE_PASSWORD="$(read_secret "${DATABASE_PASSWORD__FILE}")"
|
||||||
export DATABASE_URL="${DATABASE_URL/\$\{DATABASE_PASSWORD\}/${DATABASE_PASSWORD}}"
|
export DATABASE_URL="${DATABASE_URL/\$\{DATABASE_PASSWORD\}/${DATABASE_PASSWORD}}"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# SECRET_KEY
|
load_secret SECRET_KEY
|
||||||
if [[ -z "${SECRET_KEY:-}" && -e "${SECRET_KEY__FILE:-}" ]]; then
|
load_secret DEFAULT_ADMIN_PASSWORD
|
||||||
read SECRET_KEY < "${SECRET_KEY__FILE}"
|
load_secret S3_SECRET_ACCESS_KEY
|
||||||
export SECRET_KEY
|
load_secret OIDC_CLIENT_SECRET
|
||||||
fi
|
load_secret SMTP_PASSWORD
|
||||||
|
|
||||||
# DEFAULT_ADMIN_PASSWORD
|
|
||||||
if [[ -z "${DEFAULT_ADMIN_PASSWORD:-}" && -e "${DEFAULT_ADMIN_PASSWORD__FILE:-}" ]]; then
|
|
||||||
read DEFAULT_ADMIN_PASSWORD < "${DEFAULT_ADMIN_PASSWORD__FILE}"
|
|
||||||
export DEFAULT_ADMIN_PASSWORD
|
|
||||||
fi
|
|
||||||
|
|
||||||
# S3_SECRET_ACCESS_KEY
|
|
||||||
if [[ -z "${S3_SECRET_ACCESS_KEY:-}" && -e "${S3_SECRET_ACCESS_KEY__FILE:-}" ]]; then
|
|
||||||
read S3_SECRET_ACCESS_KEY < "${S3_SECRET_ACCESS_KEY__FILE}"
|
|
||||||
export S3_SECRET_ACCESS_KEY
|
|
||||||
fi
|
|
||||||
|
|
||||||
# OIDC_CLIENT_SECRET
|
|
||||||
if [[ -z "${OIDC_CLIENT_SECRET:-}" && -e "${OIDC_CLIENT_SECRET__FILE:-}" ]]; then
|
|
||||||
read OIDC_CLIENT_SECRET < "${OIDC_CLIENT_SECRET__FILE}"
|
|
||||||
export OIDC_CLIENT_SECRET
|
|
||||||
fi
|
|
||||||
|
|
||||||
# SMTP_PASSWORD
|
|
||||||
if [[ -z "${SMTP_PASSWORD:-}" && -e "${SMTP_PASSWORD__FILE:-}" ]]; then
|
|
||||||
read SMTP_PASSWORD < "${SMTP_PASSWORD__FILE}"
|
|
||||||
export SMTP_PASSWORD
|
|
||||||
fi
|
|
||||||
|
|
||||||
export NODE_ENV=production
|
export NODE_ENV=production
|
||||||
|
|
||||||
|
|
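Review bot: In `load_secret`, `export "$envar"="$(read_secret "${!file}")"` discards the exit status of `read_secret`, and inside `read_secret` the pipeline's status is that of `tr` because the script sets `-eu` without `pipefail`. The guard only tests `-e`, which is also true for a directory or a file the process cannot read, so in those cases `head` fails, the variable is exported as an empty string and startup continues with a blank secret. The removed `read VAR < file` form would have aborted under `set -e` when the redirection failed, so this is a quiet loss of fail-closed behaviour. I would have `read_secret` reject anything that is not a readable regular file and return non-zero, and assign to a local before exporting so `set -e` can act on the failure. The `DATABASE_PASSWORD` branch already uses a plain assignment and would pick up the same guard.

```shell
read_secret() {
  local file="$1"
  # Fail closed: a directory or unreadable path must stop startup instead of yielding "".
  if [[ ! -f "$file" || ! -r "$file" ]]; then
    echo "Secret file is not a readable regular file: $file" >&2
    return 1
  fi
  # … unchanged: head -n 1 "$file" | tr -d '\r\n' …
}

load_secret() {
  # … unchanged: envar / file locals …
  local value
  if [[ -z "${!envar:-}" && -e "${!file:-}" ]]; then
    # Assign first so set -e sees read_secret's status; export on its own always returns 0.
    value="$(read_secret "${!file}")"
    export "$envar"="$value"
  fi
}
```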