What’s the feature?
Enable Docker Secrets for sensitive variables like OIDC_CLIENT_SECRET
Why is it useful?
Add the ability to use _FILE to mount sensitive environment variables as docker secrets. Below is a script that I use for other containers and is based off of the official MariaDB/Postgres entrypoint.
Example: OIDC_CLIENT_SECRET_FILE: "/run/secrets/tugtainer_client_secret"
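```sh
#!/bin/sh
set -eu

# Load the value of VAR from the file named by VAR_FILE (Docker secrets convention).
# VAR and VAR_FILE are mutually exclusive.
file_env() {
    var="$1"
    fileVar="${var}_FILE"
    varValue="$(printenv "$var" 2>/dev/null || true)"
    fileVarValue="$(printenv "$fileVar" 2>/dev/null || true)"

    if [ -n "$varValue" ] && [ -n "$fileVarValue" ]; then
        echo "Both $var and $fileVar are set (but are exclusive)" >&2
        exit 1
    fi

    if [ -n "$fileVarValue" ]; then
        # Require a readable regular file: a failed cat inside export would not trip set -e.
        [ -f "$fileVarValue" ] && [ -r "$fileVarValue" ] || {
            echo "Secret file not readable: $fileVarValue" >&2
            exit 1
        }
        export "$var"="$(cat "$fileVarValue")"
        unset "$fileVar"
    fi
}

# Variables that may be supplied through a *_FILE secret.
for var in \
    AGENT_SECRET \
    OIDC_CLIENT_ID \
    OIDC_CLIENT_SECRET
do
    file_env "$var"
done

# Hand off to the container's real command.
[ $# -gt 0 ] || { echo "Error: no command provided to exec" >&2; exit 1; }
exec "$@"
```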
Any extra thoughts?
No response
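A pre-flight check that could run before `file_env` loads a secret, as an added example that is not part of the original issue or the project's code: it catches file problems that `$(cat ...)` passes through silently (empty file, CRLF line endings, more than one line). The helper name `check_secret_file` and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. check_secret_file is a hypothetical helper, not part of the
# script in the issue. Prints one line per problem; returns 0 if safe to load.
check_secret_file() {
    path="$1"
    [ -f "$path" ] || { echo "not a regular file: $path"; return 1; }
    [ -r "$path" ] || { echo "not readable: $path"; return 1; }
    rc=0
    nl='
'
    cr="$(printf '\r')"
    # Same read the entrypoint performs: $(cat) drops trailing newlines only.
    value="$(cat "$path")"
    if [ -z "$value" ]; then
        echo "empty secret: $path"; rc=1
    fi
    case "$value" in
        *"$cr"*) echo "carriage return in secret (CRLF file?): $path"; rc=1 ;;
    esac
    case "$value" in
        *"$nl"*) echo "embedded newline in secret: $path"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample files, created in a throwaway directory.
demo_dir="$(mktemp -d)"
printf 's3cr3t-value\n'   > "$demo_dir/good"       # normal: one trailing newline
printf 's3cr3t-value\r\n' > "$demo_dir/crlf"       # saved with Windows line endings
printf 'line1\nline2\n'   > "$demo_dir/multiline"  # two values pasted into one file
: > "$demo_dir/empty"

for name in good crlf multiline empty missing; do
    if msg="$(check_secret_file "$demo_dir/$name")"; then
        echo "$name: ok"
    else
        echo "$name: rejected ($msg)"
    fi
done
rm -rf "$demo_dir"
```

A trailing carriage return is the case most likely to go unnoticed, because the exported value looks correct when printed but no longer matches the secret registered with the OIDC provider.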