search

juanluisbaptiste / docker-otrs

The unofficial Znuny/OTRS Ticketing System docker image
https://www.juanbaptiste.tech/category/otrs
GNU Lesser General Public License v3.0
173 stars 101 forks source link

add docker secret support #60

Closed hos-ftv closed 5 years ago

hos-ftv commented 5 years ago

This MR will add support for docker secrets. Using docker swarm or kubernetes this will provide a safer/cleaner way to pass the required credentials.

The secret file itself is has to be structured like a usual .env - file and will be "sourced" prior the default values will be applied.

hos-ftv commented 5 years ago

An other approach could be to use the existing environment variables so that they could either hold the value itself or a path.

e.g.

MYSQL_ROOT_PASSWORD=12345
# or
MYSQL_ROOT_PASSWORD=/run/secrets/mysql_root_pw

And in functions.sh:

if [ -f $MYSQL_ROOT_PASSWORD ]; then
    MYSQL_ROOT_PASSWORD=`cat $MYSQL_ROOT_PASSWORD`
elif [ -z "${MYSQL_ROOT_PASSWORD}" ]; then
   # apply defaults
fi

But there are three downsides if docker secrets got support this way. It is quite implicit, you'll have to maintain multiple secret - files instead of one and you'll bloat functions.sh.

juanluisbaptiste commented 5 years ago

Hi,

Thanks for the PR, I will test it out.

juanluisbaptiste commented 5 years ago

I currently don't have a swarm/k8 cluster, I tested that the PR does not break the default behavior and it does not, so I will merge it.

Thanks.

hos-ftv commented 5 years ago

Perfect, thanks!