Some environment variables, such as DB_PASSWORD and KOMODO_PASSKEY, contain sensitive data that should be excluded from the compose file and/or environment file. Typically this is achieved by adding them to the container as a secret file. To make this work, Komodo should be able to read the variables from a file instead of from the environment directly, e.g.:
For Komodo's part, all it would need to do is recognize these _FILE variables and assign their contents to the correct environment variable during initialization (e.g. DB_PASSWORD=$(cat "$DB_PASSWORD_FILE"); export DB_PASSWORD).
Note: After reading the docs some more I saw this section. While this is indeed a solution that keeps sensitive data out of the environment, it's not really ideal because config files aren't really 'secrets'; they don't operate in the same way when it comes to mounting, and are typically not stored in the same directory and/or with the same permissions.
Some environment variables, such as
DB_PASSWORD
andKOMODO_PASSKEY
, contain sensitive data that should be excluded from the compose file and/or environment file. Typically this is achieved by adding them to the container as a secret file. To make this work, Komodo should be able to read the variables from a file instead of from the environment directly, e.g.:For Komodo's part, all it would need to do is recognize these
_FILE
variables and assign their contents to the correct environment variable during initialization (e.g.DB_PASSWORD=$(cat "$DB_PASSWORD_FILE"); export DB_PASSWORD
).Note: After reading the docs some more I saw this section. While this is indeed a solution that keeps sensitive data out of the environment, it's not really ideal because config files aren't really 'secrets'; they don't operate in the same way when it comes to mounting, and are typically not stored in the same directory and/or with the same permissions.