bgruening / docker-galaxy

Docker Images tracking the stable Galaxy releases.
http://bgruening.github.io/docker-galaxy
MIT License
226 stars, 134 forks

Don't use environment variables to store credentials or other sensitive information #495

Closed innovate-invent closed 5 years ago

innovate-invent commented 5 years ago

Currently the docker image stores sensitive information in the environment. This can be freely read from user-accessible tools running within Galaxy. Here is a good example. Patching every tool that possibly captures environment variables is not the way to fix this issue. Storing sensitive information in environment variables is simply bad practice.

bgruening commented 5 years ago

We covered this in the README file to some degree. I have now made it explicit that you have two ways to change your configs, and for sensitive data you should edit the galaxy.yml file. This is also how most of the users I know are running it.

Thanks for pointing this out, I hope the documentation is now better.
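An added example, not part of the thread or the project's code: it shows that a child process (standing in for a user-run tool) inherits credential-like environment variables from its parent, and contrasts that with launching the child from a scrubbed environment while the secret is kept in an owner-only file. The variable name `EXAMPLE_API_KEY`, the name pattern and all helper names are assumptions made for illustration.

```python
import os
import re
import stat
import subprocess
import sys
import tempfile

# Heuristic for credential-like variable names (an assumption, not a Galaxy list).
SENSITIVE = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|CREDENTIAL)", re.I)
# Stand-in for a user-run tool: prints the names of the variables it can see.
CHILD = "import os; print('\\n'.join(sorted(os.environ)))"

def names_visible_to_child(env):
    """Spawn a child with `env` and return the variable names it observes."""
    out = subprocess.run([sys.executable, "-c", CHILD], env=env,
                         capture_output=True, text=True, check=True).stdout
    return set(out.split())

def sensitive_names(names):
    """Return the names that look like credentials."""
    return sorted(n for n in names if SENSITIVE.search(n))

def scrubbed(env):
    """Copy of env without credential-like variables, for launching tools."""
    return {k: v for k, v in env.items() if not SENSITIVE.search(k)}

def write_secret_file(path, value):
    """Store a secret in a file only its owner can read; return the file mode."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # enforce 0600 regardless of the process umask
    with os.fdopen(fd, "w") as fh:
        fh.write(value)
    return stat.S_IMODE(os.stat(path).st_mode)

def demo():
    # Constructed environment; EXAMPLE_API_KEY is a made-up variable.
    env = {"PATH": os.environ.get("PATH", ""), "EXAMPLE_API_KEY": "constructed-value"}
    leaked = sensitive_names(names_visible_to_child(env))
    clean = sensitive_names(names_visible_to_child(scrubbed(env)))
    with tempfile.TemporaryDirectory() as d:
        mode = write_secret_file(os.path.join(d, "secret.yml"), env["EXAMPLE_API_KEY"])
    return leaked, clean, mode

if __name__ == "__main__":
    print(demo())
```

The owner-only file mode only keeps the secret from tools that run under a different user account than the one owning the file.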

bgruening commented 5 years ago

Please feel free to open it if you think the documentation is not enough.

innovate-invent commented 5 years ago

I am not sure how the docker configures itself, but it seems /etc/supervisor/conf.d/galaxy.conf refers to /etc/galaxy/galaxy.yml, which is not mounted outside of the container. How should I customize this file?

dpryan79 commented 5 years ago

That should get either copied or symlinked in when you start the image: https://github.com/galaxyproject/ansible-galaxy-extras/blob/36c5b7b7dc49c14a78a91d3f063d927262d1c251/templates/export_user_files.py.j2#L109-L115