Closed hos-ftv closed 5 years ago
An other approach could be to use the existing environment variables so that they could either hold the value itself or a path.
e.g.
MYSQL_ROOT_PASSWORD=12345
# or
MYSQL_ROOT_PASSWORD=/run/secrets/mysql_root_pw
And in functions.sh
:
if [ -f $MYSQL_ROOT_PASSWORD ]; then
MYSQL_ROOT_PASSWORD=`cat $MYSQL_ROOT_PASSWORD`
elif [ -z "${MYSQL_ROOT_PASSWORD}" ]; then
# apply defaults
fi
But there are three downsides if docker secrets got support this way. It is quite implicit, you'll have to maintain multiple secret - files instead of one and you'll bloat functions.sh
.
Hi,
Thanks for the PR, I will test it out.
I currently don't have a swarm/k8 cluster, I tested that the PR does not break the default behavior and it does not, so I will merge it.
Thanks.
Perfect, thanks!
This MR will add support for docker secrets. Using docker swarm or kubernetes this will provide a safer/cleaner way to pass the required credentials.
The secret file itself is has to be structured like a usual
.env
- file and will be "sourced" prior the default values will be applied.