AdguardTeam / AdGuardHome

Network-wide ads & trackers blocking DNS server
https://adguard.com/adguard-home.html
GNU General Public License v3.0

Allow reading passwords from files #7202

Open giorgiga opened 2 months ago

giorgiga commented 2 months ago

The problem

Integration with declarative configuration and secret management systems is complicated because passwords are in the same file as the rest of the configuration.

Proposed solution

It would be nice to be able to specify passwords via files:

users:
  - name: some_user
    password_file: /run/secrets/user2-addguard-bcrypt-password.txt

Something similar should also be allowed for the http_proxy password.

Alternatives considered and additional information

Note that, while in some way similar to what is proposed in #6647, this requires no special syntax.

Any chance a PR implementing this would be accepted?

ppfeufer commented 2 months ago

Wouldn't it make more sense to make this a proper credentials file in this case? Something like:

users:
  - credentials_file: /run/secrets/addguard-credentials.txt

And either make it look like:

user: foobar
password: barfoo_hashed

Or, if we want to support multiple users:

user_1:password_hash
user_2:password_hash
user_3:password_hash

Just as an idea …

giorgiga commented 2 months ago

@ppfeufer IMHO some sort of user database would indeed be nice (as would some kind of external authentication) and I'll also admit that the way config is mixed with users in the same file strikes me as a bit weird, but... can't we have that and also this? I mean, they can be two separate and independent features.