processone / eturnal

STUN / TURN standalone server
https://eturnal.net
Apache License 2.0

Add support for ETURNAL_SECRET_FILE to allow Docker secrets workflow #64

Closed glalejos closed 7 months ago

glalejos commented 7 months ago

Hello,

I'm trying to pull out all secrets from a Docker Compose definition (and for that I'm moving to a Docker Stack schema), but I'm struggling with the ETURNAL_SECRET environment variable.

This separation could be easily achieved if the eturnal Docker image supported an ETURNAL_SECRET_FILE environment variable that pointed to the location of a file which contained the secret.

Thank you,

Guillermo

sando38 commented 7 months ago

Hello, yes, we can implement that. We actually have it in the acme variant of the container image already. Will look into it in the next few days.

sando38 commented 7 months ago

I actually pushed a commit already which should enable it. Will check later whether it works. You can give it a try using the edge tag once the GitHub Actions workflow has run through.

sando38 commented 7 months ago

NB: This would be a corresponding docker run command, all environment variables with a __FILE appendix will be treated as Docker secrets:

    docker run \
        --secret eturnal_secret \
        -e ETURNAL_SECRET__FILE='/run/secrets/eturnal_secret' \
        ghcr.io/processone/eturnal:edge

glalejos commented 7 months ago

Thanks for reacting so fast, @sando38! I've tried eturnal/eturnal:edge@sha256:80e864bdd960ec6e6e3e2f6103b5399b96addc1b4b09ab495ec01f7fa54cfe0d with ETURNAL_SECRET_FILE and it works fine.

sando38 commented 7 months ago

Thanks for the feedback 👍
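
One way a container entrypoint can resolve the `__FILE` convention discussed in this thread, shown as an added example that is not eturnal's own entrypoint code. The function names `resolve_file_env` and `resolve_all_file_env` are hypothetical, and rejecting a variable that is set both directly and via its `__FILE` variant, as well as an empty secret file, is an assumed policy.

```shell
#!/bin/sh
# Added illustration, not taken from the eturnal image.
# Usage in an entrypoint: resolve_all_file_env || exit 1; exec "$@"

# resolve_file_env NAME
# If NAME__FILE is set, export the content of that file as NAME.
# Returns 0 on success or when NAME__FILE is unset, 1 on any error.
resolve_file_env() {
    name=$1
    # Only accept plain identifiers, since the name is passed to eval below.
    case $name in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "error: bad name '$name'" >&2; return 1 ;;
    esac
    file_var="${name}__FILE"
    eval "file_path=\${$file_var:-}"
    eval "direct=\${$name:-}"

    [ -n "$file_path" ] || return 0   # no file variant: leave NAME untouched

    if [ -n "$direct" ]; then
        # Ambiguous configuration: refuse rather than guess which one wins.
        echo "error: both $name and $file_var are set" >&2
        return 1
    fi
    if [ ! -f "$file_path" ] || [ ! -r "$file_path" ]; then
        echo "error: $file_var points to a missing or unreadable file" >&2
        return 1
    fi
    # Command substitution drops the trailing newline most editors append,
    # so the secret matches what the peer service was configured with.
    value=$(cat "$file_path")
    if [ -z "$value" ]; then
        echo "error: secret file for $name is empty" >&2
        return 1
    fi
    export "$name=$value"
    unset "$file_var"                 # do not pass the path on to child processes
}

# Resolve every exported variable whose name ends in __FILE.
resolve_all_file_env() {
    for base in $(env | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)__FILE=.*/\1/p'); do
        resolve_file_env "$base" || return 1
    done
}
```

The error messages name the variable but never print the secret or the file content, so a misconfiguration does not leak the value into container logs.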