mirror of https://github.com/plankanban/planka.git synced 2025-07-18 20:59:44 +02:00
planka/server/start.sh
iosabi 63c073e31e feat: Support loading passwords from docker secrets
Docker secrets are exposed as files in `/run/secrets/` inside the
container instead of as environment variables. To support deployments
where the passwords are stored in secrets, this patch adds support for
loading the `SMTP_PASSWORD`, `SECRET_KEY` and the database password from
files, using the `__FILE` suffix convention found in many docker images.

The database password is part of the `DATABASE_URL` environment
variable, if a password is used at all. To support injecting the
password into the DATABASE_URL without having to use the whole URL as
the secret, the `start.sh` replaces the string `${DATABASE_PASSWORD}` in
the `DATABASE_URL` environment variable by the contents of the
`DATABASE_PASSWORD` variable, which can now also be loaded from the
corresponding file passed in `DATABASE_PASSWORD__FILE`.

These changes are backwards compatible since they only load the `__FILE`
suffix version if the original variable was not set and the `__FILE` one
is set.

Added comments in docker-compose.yml with examples for discoverability
of the feature. Tested this on top of 2.0.0-rc.2.
2025-05-15 20:00:58 +09:00

28 lines
949 B
Bash
Executable file

#!/bin/bash
set -eu

# Load secrets from files if needed. Only the first line, not including the \n,
# is loaded. `read -r` keeps backslashes in the secret literal. `read` returns
# non-zero when the file has no trailing newline, which would abort the script
# under `set -e`, so a non-empty result is accepted explicitly.
if [[ -z "${SECRET_KEY:-}" && -e "${SECRET_KEY__FILE:-}" ]]; then
  read -r SECRET_KEY <"${SECRET_KEY__FILE}" || [[ -n "${SECRET_KEY:-}" ]]
  export SECRET_KEY
fi

if [[ -z "${SMTP_PASSWORD:-}" && -e "${SMTP_PASSWORD__FILE:-}" ]]; then
  read -r SMTP_PASSWORD <"${SMTP_PASSWORD__FILE}" || [[ -n "${SMTP_PASSWORD:-}" ]]
  export SMTP_PASSWORD
fi

if [[ -z "${DATABASE_PASSWORD:-}" && -e "${DATABASE_PASSWORD__FILE:-}" ]]; then
  read -r DATABASE_PASSWORD <"${DATABASE_PASSWORD__FILE}" || [[ -n "${DATABASE_PASSWORD:-}" ]]
  # No need to export DATABASE_PASSWORD, it is only used below.
fi

# Replace the exact "${DATABASE_PASSWORD}" string in the DATABASE_URL
# environment variable with the contents of DATABASE_PASSWORD.
# ${DATABASE_URL:-} keeps `set -u` from aborting when DATABASE_URL is unset.
if [[ -n "${DATABASE_PASSWORD:-}" && -n "${DATABASE_URL:-}" ]]; then
  export DATABASE_URL="${DATABASE_URL/\$\{DATABASE_PASSWORD\}/${DATABASE_PASSWORD}}"
fi

export NODE_ENV=production
node db/init.js
exec node app.js --prod
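
The `__FILE` loading and the `${DATABASE_PASSWORD}` placeholder substitution described in the commit message, as an added example in portable `sh` (not the project's `start.sh`). The function names `load_secret` and `expand_db_url` are hypothetical, and unlike the script above this version fails when a `__FILE` path is set but unreadable instead of skipping it.

```sh
#!/bin/sh
# Added example, not Planka's start.sh. Function names are hypothetical.

# load_secret NAME
# If $NAME is empty and ${NAME}__FILE is set, load the file's first line into
# NAME and export it. An explicitly set NAME always wins.
load_secret() {
  _ls_name=$1
  # NAME is passed to eval below, so accept only a plain identifier.
  case $_ls_name in
    '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*)
      echo "load_secret: invalid variable name" >&2; return 2 ;;
  esac
  eval "_ls_cur=\${$_ls_name:-}; _ls_file=\${${_ls_name}__FILE:-}"
  [ -n "$_ls_cur" ] && return 0     # backwards compatible: env var wins
  [ -n "$_ls_file" ] || return 0    # nothing configured for this secret
  if [ ! -r "$_ls_file" ]; then
    echo "load_secret: cannot read ${_ls_name}__FILE" >&2; return 1
  fi
  _ls_val=
  # IFS= and -r keep blanks and backslashes intact. read returns non-zero at
  # EOF when the last line has no newline, but _ls_val is still filled.
  IFS= read -r _ls_val <"$_ls_file" || [ -n "$_ls_val" ] || {
    echo "load_secret: ${_ls_name}__FILE is empty" >&2; return 1
  }
  eval "$_ls_name=\$_ls_val"        # the value itself is never re-parsed
  export "$_ls_name"
  unset _ls_cur _ls_file _ls_val
}

# expand_db_url URL PASSWORD
# Print URL with the first literal ${DATABASE_PASSWORD} replaced by PASSWORD.
# Prefix/suffix stripping is used so that nothing in PASSWORD is interpreted.
expand_db_url() {
  _ph='${DATABASE_PASSWORD}'
  case $1 in
    *"$_ph"*)
      _pre=${1%%"$_ph"*}   # text before the placeholder
      _post=${1#*"$_ph"}   # text after it
      printf '%s%s%s\n' "$_pre" "$2" "$_post" ;;
    *) printf '%s\n' "$1" ;;
  esac
}
```

As in the script above, the password is inserted into the URL verbatim, so characters that are special in a URL (such as `@`, `/` or `:`) must already be percent-encoded in the secret file.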