harleylang
commented
3 years ago Yes, it probably makes the most sense to clear .env following build. If we combine it with a script that decrypts usernames / passwords as mentioned in #13 and #14, the .env file only needs to exist for the entirety of the build step. Essentially, we'd need a short bash script that (1) asks for the user's repo / .env encryption key, (2) decrypts, (3) runs docker-compose and then (4) deletes .env.
Given that auth.json is persistent, perhaps we can identify a folder to target for its storage and create a script that will set its permissions so that only root and the current user can read its values. (I think I saw in #7 that you had written some ideas for this into the readme, but perhaps we can formalize this procedure a little bit more.) The weakest link then, is the system the ap runs on.
Edit: Then again, I'm not sure if this solution will pose a bottleneck when implementing a Kubernetes setup.
Consider clearing the environment variables so logon and password aren't still accessible. I'm not sure if Docker dynamically sets them like Kubernetes does. If so then it's impossible without changing the container's run definition, making setup a 2-stage sequence. Note that logon also persists plain-text in the auth json