Support KEY_FILE environment variable
apetresc opened this issue · 2 comments
It's a very common pattern in container orchestration platforms (like Docker Swarm or Kubernetes) for secrets (like the API key) to be providable as a file, with the path to the file stored in a `*_FILE` environment variable (with the `*` being the envvar of the secret if it's being provided directly).
The reason for this is to allow the runtime to use a secrets backend that mounts secrets in `/run/secrets` (like this). This is way better than passing them in as environment variables especially on a shared platform like Kubernetes, since those can be read by anyone with local access to the node.
I am aware that the key can also be passed in through the config file, but again, it's often desirable to manage configuration separately from secrets. I don't want to have to mark my entire config file as a secret.
So, at the end of the day, all I am asking for is an `API_KEY_FILE` envvar that points to a file containing just the API key 🙂
Makes sense. Passing `KEY_FILE` will soon be supported by `niklasf/fishnet:master` (after https://github.com/niklasf/fishnet/actions/runs/1072766558 finishes), and then the next release, eventually.
Thanks so much :) Seems to be working, was able to join with this stack:
```yaml
---
version: "3.7"
services:
  fishnet:
    image: niklasf/fishnet:master
    environment:
      - KEY_FILE=/run/secrets/fishnet_key
    secrets:
      - fishnet_key
secrets:
  fishnet_key:
    external: true
```
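The `*_FILE` convention requested in this issue, sketched as an added example in Rust; it is not part of the thread and not fishnet's actual implementation. `resolve_secret` and `SecretError` are hypothetical names, and rejecting a configuration that sets both `KEY` and `KEY_FILE` is an assumed policy.

```rust
use std::fs;

/// Why a secret could not be resolved. Messages carry the variable name or
/// the file path, never the secret value itself.
#[derive(Debug, PartialEq)]
enum SecretError {
    Conflict(String),   // both NAME and NAME_FILE are set
    Unreadable(String), // the file is missing or cannot be read
    Empty(String),      // the file holds only whitespace
}

/// Resolve `name` from either `name` or `name_FILE` (hypothetical helper).
/// `env` abstracts the environment lookup so the logic is testable.
fn resolve_secret(
    name: &str,
    env: impl Fn(&str) -> Option<String>,
) -> Result<Option<String>, SecretError> {
    let file_var = format!("{name}_FILE");
    match (env(name), env(file_var.as_str())) {
        // Assumed policy: refuse ambiguous configuration instead of guessing.
        (Some(_), Some(_)) => Err(SecretError::Conflict(file_var)),
        (Some(value), None) => Ok(Some(value)),
        (None, Some(path)) => {
            let raw = fs::read_to_string(&path)
                .map_err(|e| SecretError::Unreadable(format!("{path}: {e}")))?;
            // Secret files usually end with a newline; strip it so the key
            // is not sent with trailing whitespace.
            let key = raw.trim();
            if key.is_empty() {
                return Err(SecretError::Empty(path));
            }
            Ok(Some(key.to_owned()))
        }
        (None, None) => Ok(None),
    }
}

fn main() {
    // Real use: look the variables up in the process environment.
    match resolve_secret("KEY", |k| std::env::var(k).ok()) {
        Ok(Some(_)) => println!("key loaded"),
        Ok(None) => println!("no key configured"),
        Err(e) => eprintln!("key configuration error: {e:?}"),
    }
}
```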