jjethwa / rundeck

GNU General Public License v3.0

Passwords should be stored in docker secrets #85

Open kafeinnet opened 6 years ago

kafeinnet commented 6 years ago

Hi,

Env vars are insecure. So, passwords like the mysql one should be retrieved from docker secrets instead of env vars.

Maybe the entrypoint script could source a secret if one is provided (/run/secrets/*), then get the password from the env var if no secret is present, then default to a random value.

\fab

jjethwa commented 6 years ago

Thanks for the issue, @kafeinnet

Docker secrets is available in docker 1.13 or higher. I primarily use CoreOS to host my containers and docker 1.13 is not available just yet (see: https://coreos.com/releases ). I can make the suggested changes. Would you be OK with the entrypoint script checking for the existence of secrets using the same naming convention as the environment variables? Example:

/run/secrets/DATABASE_ADMIN_PASSWORD

kafeinnet commented 6 years ago

Yep, that would be perfect.

jjethwa commented 6 years ago

Hi @kafeinnet

Please check the newest version of the latest tag and let me know if it works for you 😄

kafeinnet commented 6 years ago

There is a typo (some spaces around =) when you read the content of the secret files, which causes an error. Besides that, it works perfectly.

I made a pull request ( #87 ) with the typo corrected and a new option I needed for my setup. Feel free to merge it.

\fab

jjethwa commented 6 years ago

Hi @kafeinnet

Oops! Thanks for finding and fixing it 👍
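
The lookup order agreed in this thread (a secret file named after the environment variable, then the variable itself, then a random value), as an added shell example; it is not the repository's entrypoint code. The names `resolve_secret`, `SECRETS_DIR`, `RESOLVED_VALUE` and `RESOLVED_ORIGIN` are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's entrypoint script.
# SECRETS_DIR is a hypothetical override used for testing; /run/secrets is
# where Docker mounts secrets inside a container.
SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"

# resolve_secret NAME
# Sets RESOLVED_VALUE and RESOLVED_ORIGIN (secret | env | random).
# The value is never printed, so it does not end up in container logs.
resolve_secret() {
    name="$1"
    # Accept only plain variable names: this blocks path traversal in the
    # file lookup and keeps the eval below safe.
    case "$name" in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "invalid secret name: $name" >&2
            return 1 ;;
    esac

    file="$SECRETS_DIR/$name"
    if [ -f "$file" ] && [ -r "$file" ]; then
        # Shell assignments take no spaces around '='.
        # $(...) also strips the trailing newline of the secret file.
        value="$(cat "$file")"
        origin="secret"
    else
        # Indirect read of the variable called $name (empty if unset).
        eval "value=\${$name:-}"
        if [ -n "$value" ]; then
            origin="env"
        else
            # 16 random bytes rendered as 32 hex characters.
            value="$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
            origin="random"
        fi
    fi

    RESOLVED_VALUE="$value"
    RESOLVED_ORIGIN="$origin"
}

# Usage inside an entrypoint (variable name taken from the thread):
#   resolve_secret DATABASE_ADMIN_PASSWORD && DB_PASS="$RESOLVED_VALUE"
```

Logging `RESOLVED_ORIGIN` at startup shows whether a container is still relying on the environment variable or on a generated password.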