Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once set up, you can install agents and perform remote desktop sessions to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
3.67k stars 511 forks

Added ability to use environment variables as arguments #6184

Open HuFlungDu opened 2 weeks ago

HuFlungDu commented 2 weeks ago

This adds the ability to use environment variables in place of command line args.

It parses each environment variable starting with "meshcentral_" (normalized) and sets the command line argument after that to the value given. For example:

MESHCENTRAL_CONFIGKEY="AOEUAOEUAOEU" node ./meshcentral

Is effectively the same as:

node ./meshcentral --configkey "AOEUAOEUAOEU"

It is validated against validArguments and ignores anything that is not set there. Command line arguments also take precedence over environment variables. It shares a precedence with command line variables in regards to overriding config file options.

The motivation for this is for use in scalable cloud environments where it is undesirable to provision the system drive with particular secrets. Currently this can be handled by passing those secrets through command line arguments (--configkey $(get-key-remote), --mongodb $(get-mongostring-remote), etc). However, this method will include the secrets in the process string, and so is readable via ps and also in systemd logs if meshcentral is started through systemd. Those secrets could then be stored in external logs if you are, say, monitoring processes running on your server and flagging abnormalities, or pulling systemd logs for external processing. Allowing these variables to be set via the system environment can allow one to avoid these pitfalls.

This is merely one implementation of this feature. It, for instance, does not allow one to pass bool variables at all (though depending on how meshcentral checks for these arguments, it might be fine to pass truthy strings for true) and also allows someone to pass arguments that may be undesirable (MESHCENTRAL_HELP="aoeu" will print the help message, for instance), though this is more just a weird wart than an actual problem, I think. If meshcentral used a schema for minimist this could be solved automatically, but as it is, a solution would require a separately managed list of environment variables to check.
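
A sketch of the behaviour described in this pull request (normalized prefix match, validation against the argument list, command-line precedence), as an added example that is not the code from the PR or from MeshCentral. The function names `mergeEnvArgs` and `secretsOnCommandLine`, the sample argument list and the deny list for `help` are assumptions made for illustration.

```javascript
// Added illustration; not the code from the pull request or from MeshCentral.
const ENV_PREFIX = 'meshcentral_';
// Constructed sample; the real validArguments list lives in MeshCentral itself.
const sampleValidArguments = ['configkey', 'mongodb', 'help'];
// Hypothetical deny list: arguments that make no sense coming from the environment.
const envDenied = new Set(['help']);

// Merge MESHCENTRAL_* variables into already-parsed command-line arguments.
function mergeEnvArgs(cliArgs, env, validArguments, denied = envDenied) {
  const valid = new Set(validArguments.map((a) => a.toLowerCase()));
  const merged = Object.assign({}, cliArgs);
  for (const [name, value] of Object.entries(env)) {
    const lower = name.toLowerCase(); // normalize so the prefix check ignores case
    if (!lower.startsWith(ENV_PREFIX)) continue;
    const arg = lower.slice(ENV_PREFIX.length);
    if (!valid.has(arg) || denied.has(arg)) continue; // unknown or denied: ignore
    if (Object.prototype.hasOwnProperty.call(cliArgs, arg)) continue; // CLI wins
    merged[arg] = value; // always a string; booleans are not representable here
  }
  return merged;
}

// Report which secret-bearing arguments appear in argv, i.e. in the process
// string that ps and systemd logs expose. secretArgs is chosen by the operator.
function secretsOnCommandLine(argv, secretArgs) {
  const found = new Set();
  for (const token of argv) {
    const m = /^--?([^=]+)/.exec(token);
    if (m && secretArgs.includes(m[1].toLowerCase())) found.add(m[1].toLowerCase());
  }
  return [...found];
}

// Constructed inputs for demonstration.
const demoEnv = { MESHCENTRAL_CONFIGKEY: 'AOEUAOEUAOEU', MESHCENTRAL_HELP: 'aoeu', PATH: '/usr/bin' };
console.log(mergeEnvArgs({}, demoEnv, sampleValidArguments));
console.log(secretsOnCommandLine(['node', './meshcentral', '--configkey', 'X'], ['configkey', 'mongodb']));
```

The second function can run at startup to warn when a secret was supplied on the command line instead of through the environment.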

silversword411 commented 1 week ago

What about mc_ as variable...a lot shorter and still don't think there would be much chance of a conflict

HuFlungDu commented 1 week ago

> What about mc_ as variable...a lot shorter and still don't think there would be much chance of a conflict

As an avid user of Midnight Commander I take umbrage with that statement 😝

Usually I like to spell things out in environment variables just because they are usually handled by robots or scripts, but there's precedent both ways. Certainly correct that there is very little chance of overlap between meshcentral variables and Midnight Commander variables, though, haha.