Secrets handling via entrypoint #2280

Open: 2 commits to be merged into base branch master


@mabeett (Contributor) commented Aug 18, 2024

Secrets files handled only in the entrypoint, converted during initial execution.

Fixes #1148

@mabeett mabeett force-pushed the 1148_secrets_handling branch 6 times, most recently from 8fcc43b to 1f46ed0 Compare August 18, 2024 20:25
@mabeett mabeett force-pushed the 1148_secrets_handling branch from 1f46ed0 to 3ada56d Compare September 4, 2024 15:58
elif [ -n "${def}" ]; then
echo "note: using invoked definition for ${var} value"
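Review bot: The `echo "note: using invoked definition for ${var} value"` line is safe only while `var` holds the variable's name; nothing in these two lines shows that, and the `def` tested just above it looks like it carries the fallback value. A short comment stating that `var` is a name, and that `${def}` must never be interpolated into a log message, would keep a later edit from leaking a secret into the container output. Sending the note to stderr with `>&2` would also keep it apart from normal output.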
Contributor

I'd not print them

Contributor Author

@mabeett mabeett Sep 20, 2024

I was just following the criteria in the context; take note that the variable name is printed, not the value.

@J0WI (Contributor) commented Sep 18, 2024

If you export all secret values as env, they would also show up in the container's definition etc. again in cleartext.

@mabeett (Contributor Author) commented Sep 20, 2024

> If you export all secret values as env, they would also show up in the container's definition etc. again in cleartext.

What do you mean? The variable is exported in the entrypoint.
When I checked it a month ago I could not get the variable value via docker inspect running_container.

See this snippet with a debian image container:

$ docker run --name test --rm -it debian
root@9cd023377043:/# export CHECK=gotcha
root@9cd023377043:/# env |  grep got
CHECK=gotcha
root@9cd023377043:/#

In another shell:

$ docker inspect test | jq . | grep gotc
$ echo $?
1
$ docker inspect test | jq '.[0].Config.Env[] ' -r
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
$
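
An added example, not the code from this pull request: one way an entrypoint can convert a secret file into an exported variable while logging only the variable name, the point raised in the review above. The helper name `load_secret` and the `VAR_FILE` naming are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; load_secret is a hypothetical helper, not the PR's code.
# Usage: load_secret VAR [DEFAULT]
# Resolves VAR from the file named in VAR_FILE (assumed naming), from the
# existing environment, or from DEFAULT, then exports it.
# Log lines carry the variable NAME only, never its value.
load_secret() {
    var="$1"
    def="${2:-}"
    # Accept plain identifiers only, since the name is passed to eval below.
    case "$var" in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "error: invalid variable name" >&2
            return 2 ;;
    esac
    eval "cur=\${$var:-}"
    eval "file=\${${var}_FILE:-}"
    if [ -n "$cur" ] && [ -n "$file" ]; then
        echo "error: both ${var} and ${var}_FILE are set" >&2
        return 1
    elif [ -n "$file" ]; then
        if [ ! -r "$file" ]; then
            echo "error: file named by ${var}_FILE is not readable" >&2
            return 1
        fi
        val="$(cat "$file")"
        echo "note: using ${var}_FILE for ${var} value" >&2
    elif [ -n "$cur" ]; then
        val="$cur"
    elif [ -n "$def" ]; then
        val="$def"
        echo "note: using invoked definition for ${var} value" >&2
    else
        return 0    # nothing to set
    fi
    export "$var=$val"
    # Drop the pointer and the scratch copies so only VAR itself remains.
    unset "${var}_FILE" cur file val
}
```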

Secrets files handled only in the entrypoint, converted during
initial execution.

Solves nextcloud#1148

Signed-off-by: Matías Pecchia <[email protected]>
Signed-off-by: Matías Pecchia <[email protected]>
Successfully merging this pull request may close these issues.

Support for docker secrets on first initialization broken