borgmatic-collective / docker-borgmatic

Borgmatic in Docker
GNU General Public License v3.0

[Feature] Add Docker Secrets support #275

Closed Psycho0verload closed 8 months ago

Psycho0verload commented 8 months ago

Implementation of Docker Secrets for BORG Environment Variables

Related to Ticket #47 and PR #246, a possible implementation of Docker Secrets is provided here. This implementation has been rigorously tested and documented. A key feature is that the use of standard environment variables within Docker commands or docker-compose.yml files is preserved. This ensures that those who do not wish to use Docker Secrets can continue to operate as before.

Functionality

The function iterates through all environment variables that begin with BORG, such as BORG_PASSPHRASE. It then looks for variables that end with _FILE. The contents of such a _FILE variable are written to a new variable, the name of which excludes the _FILE suffix.

Note: This implementation prioritizes Secrets over regularly set variables.

Debugging

@grantbevis for testing purposes, debugging capabilities have been added. To enable debugging, set the environment variable DEBUG_SECRETS=true.

Permissions

The script also works when the Docker-required chmod 600 permissions are set on the secret files.

Testing

Test 1

Environment:

    environment:
      - DEBUG_SECRETS=true
      - BORG_PASSPHRASE=OldSchoolEnvironment

Result:

borgmatic  | Before: BORG_PASSPHRASE: OldSchoolEnvironment
borgmatic  | Before: BORG_PASSPHRASE_FILE: 
borgmatic  | After: BORG_PASSPHRASE: OldSchoolEnvironment
borgmatic  | After: BORG_PASSPHRASE_FILE: 

Test 2

Environment:

    environment:
      - DEBUG_SECRETS=true
      - BORG_PASSPHRASE_FILE=/run/secrets/borg_passphrase
    secrets:
      - borg_passphrase
secrets:
  borg_passphrase:
    file: ./borg_passphrase

Result:

borgmatic  | Before: BORG_PASSPHRASE: 
borgmatic  | Before: BORG_PASSPHRASE_FILE: /run/secrets/borg_passphrase
borgmatic  | Setting BORG_PASSPHRASE from the content of /run/secrets/borg_passphrase
borgmatic  | Unsetting BORG_PASSPHRASE_FILE
borgmatic  | After: BORG_PASSPHRASE: ThisIsFromTheSecretFile
borgmatic  | After: BORG_PASSPHRASE_FILE: 

Test 3

Environment:

    environment:
      - DEBUG_SECRETS=true
      - BORG_PASSPHRASE=OldSchoolEnvironment
      - BORG_PASSPHRASE_FILE=
    secrets:
      - borg_passphrase
secrets:
  borg_passphrase:
    file: ./borg_passphrase

Result:

borgmatic  | Before: BORG_PASSPHRASE: OldSchoolEnvironment
borgmatic  | Before: BORG_PASSPHRASE_FILE: 
borgmatic  | Error: File  does not exist or is empty.
borgmatic  | After: BORG_PASSPHRASE: OldSchoolEnvironment
borgmatic  | After: BORG_PASSPHRASE_FILE: 

Test 4

Environment:

    environment:
      - DEBUG_SECRETS=true
      - BORG_PASSPHRASE=
      - BORG_PASSPHRASE_FILE=/run/secrets/borg_passphrase
    secrets:
      - borg_passphrase
secrets:
  borg_passphrase:
    file: ./borg_passphrase

Result:

borgmatic  | Before: BORG_PASSPHRASE: 
borgmatic  | Before: BORG_PASSPHRASE_FILE: /run/secrets/borg_passphrase
borgmatic  | Setting BORG_PASSPHRASE from the content of /run/secrets/borg_passphrase
borgmatic  | Unsetting BORG_PASSPHRASE_FILE
borgmatic  | After: BORG_PASSPHRASE: ThisIsFromTheSecretFile
borgmatic  | After: BORG_PASSPHRASE_FILE: 

Test 5

Environment:

    environment:
      - DEBUG_SECRETS=true
      - BORG_PASSPHRASE=OldSchoolEnvironment
      - BORG_PASSPHRASE_FILE=/run/secrets/borg_passphrase
    secrets:
      - borg_passphrase
secrets:
  borg_passphrase:
    file: ./borg_passphrase

Result:

borgmatic  | Before: BORG_PASSPHRASE: OldSchoolEnvironment
borgmatic  | Before: BORG_PASSPHRASE_FILE: /run/secrets/borg_passphrase
borgmatic  | Note: BORG_PASSPHRASE was already set but is being overwritten by BORG_PASSPHRASE_FILE
borgmatic  | Setting BORG_PASSPHRASE from the content of /run/secrets/borg_passphrase
borgmatic  | Unsetting BORG_PASSPHRASE_FILE
borgmatic  | After: BORG_PASSPHRASE: ThisIsFromTheSecretFile
borgmatic  | After: BORG_PASSPHRASE_FILE: 
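The resolution logic described under "Functionality" above, with the behaviour the five tests exercise (empty or missing secret file, plain variable overwritten by the _FILE variant, _FILE variable unset afterwards), as an added example. This is not the PR's code nor the docker-borgmatic entrypoint: the variable name DEBUG_SECRETS and the BORG*_FILE convention are taken from the PR, while the function names load_borg_secrets, borg_var_names and value_of, and the permission warning, are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not the docker-borgmatic entrypoint: resolve BORG*_FILE
# variables (Docker secrets) into the matching BORG* variables.
set -u

# Names of exported variables matching ^BORG<suffix>, one per line.
# The character class also keeps every name safe to pass to eval below.
borg_var_names() {
    env | sed -n "s/^\\(BORG[A-Za-z0-9_]*$1\\)=.*/\\1/p" | sort
}

# Value of the variable whose (validated) name is in $1, empty if unset.
value_of() {
    eval "printf '%s' \"\${$1:-}\""
}

# Print every BORG* variable when DEBUG_SECRETS=true (name from the PR).
debug_dump() {
    [ "${DEBUG_SECRETS:-false}" = "true" ] || return 0
    for name in $(borg_var_names ""); do
        printf '%s: %s: %s\n' "$1" "$name" "$(value_of "$name")"
    done
}

# For each BORG*_FILE variable, load the referenced file into the variable
# without the _FILE suffix (the secret wins over a pre-set plain value),
# then unset the _FILE variable. Returns 1 if any referenced file is unusable;
# the plain variable is left untouched in that case.
load_borg_secrets() {
    rc=0
    debug_dump "Before"
    for file_var in $(borg_var_names "_FILE"); do
        target="${file_var%_FILE}"
        file="$(value_of "$file_var")"
        if [ ! -f "$file" ] || [ ! -s "$file" ]; then
            echo "Error: File $file does not exist or is empty." >&2
            rc=1
            continue
        fi
        # Warn if group or others can read the secret (expect 0600 or 0400).
        case "$(ls -ld "$file" | cut -c5-10)" in
            *r*) echo "Warning: $file is readable by group or others" >&2 ;;
        esac
        if [ -n "$(value_of "$target")" ]; then
            echo "Note: $target was already set but is being overwritten by $file_var" >&2
        fi
        echo "Setting $target from the content of $file"
        # Command substitution strips trailing newlines, so a secret file
        # ending in "\n" does not leak that newline into the passphrase.
        export "$target=$(cat "$file")"
        echo "Unsetting $file_var"
        unset "$file_var"
    done
    debug_dump "After"
    return "$rc"
}
```

In an entrypoint this would run once before `exec`-ing borgmatic, so the process tree only ever sees the resolved BORG_* variables. The eval in value_of is acceptable only because borg_var_names restricts names to `[A-Za-z0-9_]`; values are never passed through eval. Note that a variable whose value spans several lines is matched on its first line only, which is fine for file paths but means the debug dump does not show multi-line values in full.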

modem7 commented 8 months ago

@grantbevis LGTM