akhilrex / podgrab

A self-hosted podcast manager/downloader/archiver tool to download podcast episodes as soon as they become live with an integrated player.
GNU General Public License v3.0

[Feature Request] Support docker-compose secrets #213

Open Chifilly opened 2 years ago

Chifilly commented 2 years ago

Issue

Currently the PASSWORD environment variable has to be hard-coded in the docker-compose.yml file. It would be nice if the image had an environment variable implementation that supported the secrets field, so if the config was visible publicly (e.g. git) the password won't be openly visible.

Details

The secrets field mounts a /run/secrets directory into the container with all the secrets that are specified for the container, and then the container can read those files to acquire those secrets.

Proposal

If the docker-compose.yml file were similar to the following (truncated for brevity):

secrets:
    podgrab_password:
        file: ./secrets/podgrab_password.txt # define the podgrab_password secret file with a local file

services:
    podgrab:
        ...
        environment:
            ...
            PASSWORDFILE: /run/secrets/podgrab_password # [needs implementing in the container] a new environment variable to define the path to the password file instead of hard-coding it
        secrets:
            - podgrab_password # let docker-compose know that this container is allowed to receive the podgrab_password secret
        ...

Then, inside the container, it should see that the PASSWORDFILE environment variable is set, and read the file at the path specified in the variable to get the password to use, instead of looking for a hard-coded one. For example, in this case it would read the file /run/secrets/podgrab_password since that's what we set in the environment variable, and use that as the password for podgrab.


On an unrelated note, it would be nice if we could configure the username too, since I like to use the same username for all my media server users.
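
The lookup proposed in this issue, sketched in Go (the language podgrab is written in) as an added example; it is not part of the original post or of podgrab's code. `resolvePassword` and its injected `getenv`/`readFile` parameters are hypothetical, and rejecting a configuration that sets both PASSWORD and PASSWORDFILE is an assumption, not something the issue specifies.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// resolvePassword is a hypothetical helper, not podgrab's own code.
// It returns the password from the file named by PASSWORDFILE when that
// variable is set, and otherwise falls back to the existing PASSWORD variable.
// getenv and readFile are injected so the logic can be exercised offline.
func resolvePassword(getenv func(string) string, readFile func(string) ([]byte, error)) (string, error) {
	path := getenv("PASSWORDFILE")
	if path == "" {
		return getenv("PASSWORD"), nil // current behaviour: plain env var
	}
	if getenv("PASSWORD") != "" {
		// Assumption: an ambiguous configuration is an error, not a silent pick.
		return "", errors.New("set only one of PASSWORD and PASSWORDFILE")
	}
	raw, err := readFile(path)
	if err != nil {
		// Fail closed: a missing or unreadable secret must not be treated
		// as "no password configured".
		return "", fmt.Errorf("reading PASSWORDFILE %q: %w", path, err)
	}
	// Secret files commonly end with a newline added by an editor or echo.
	pw := strings.TrimRight(string(raw), "\r\n")
	if pw == "" {
		return "", fmt.Errorf("PASSWORDFILE %q is empty", path)
	}
	return pw, nil
}

func main() {
	pw, err := resolvePassword(os.Getenv, os.ReadFile)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	// Never log the secret itself, only whether one was found.
	fmt.Printf("password configured: %t\n", pw != "")
}
```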