martialblog/docker-limesurvey

Add support for passwords in files

kdomke opened this issue · 3 comments

kdomke commented

If you deploy the image in a swarm environment, the only secure way of providing passwords is via Docker secrets.

echo SuperSecurePassword | docker secret create secret_password -

Those secrets are presented to the container via virtual files.

With many other images there is a file-based alternative to supply the password, e.g. mariadb:

MARIADB_ROOT_PASSWORD_FILE=/run/secrets/secret_password

The implementation in the entrypoint.sh does not look too bad (lines 22ff):

# usage: file_env VAR [DEFAULT]
#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
	local var="$1"
	local fileVar="${var}_FILE"
	local def="${2:-}"
	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
		mysql_error "Both $var and $fileVar are set (but are exclusive)"
	fi
	local val="$def"
	if [ "${!var:-}" ]; then
		val="${!var}"
	elif [ "${!fileVar:-}" ]; then
		val="$(< "${!fileVar}")"
	fi
	export "$var"="$val"
	unset "$fileVar"
}
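
An added example, not part of this thread or of either project's code: a POSIX sh variant of the file_env helper quoted above. It validates the variable name before passing it to eval, returns an error code instead of calling mysql_error (which the quoted snippet does not define), and fails when the secret file is unreadable. The variable name DEMO_DB_PASSWORD in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example: portable file_env for an entrypoint script.
# usage: file_env VAR [DEFAULT]
#    ie: file_env DEMO_DB_PASSWORD example   (DEMO_DB_PASSWORD is a hypothetical name)
# Fills $VAR from the file named by $VAR_FILE (e.g. a Docker secret).
# Returns 1 on conflicting or unreadable input, 2 on an invalid name.
file_env() {
    fe_var="$1"
    fe_def="${2:-}"
    # The name is expanded inside eval below, so accept plain identifiers only.
    case "$fe_var" in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "file_env: invalid variable name" >&2
            return 2 ;;
    esac
    fe_filevar="${fe_var}_FILE"
    eval "fe_val=\${$fe_var:-}"        # current value of VAR
    eval "fe_file=\${$fe_filevar:-}"   # current value of VAR_FILE
    if [ -n "$fe_val" ] && [ -n "$fe_file" ]; then
        echo "file_env: both $fe_var and $fe_filevar are set (but are exclusive)" >&2
        return 1
    fi
    fe_out="$fe_def"
    if [ -n "$fe_val" ]; then
        fe_out="$fe_val"
    elif [ -n "$fe_file" ]; then
        if [ ! -r "$fe_file" ]; then
            echo "file_env: $fe_filevar points to an unreadable file: $fe_file" >&2
            return 1
        fi
        # Command substitution drops the trailing newline that echo adds
        # when the secret is created from a pipe.
        fe_out="$(cat "$fe_file")"
    fi
    eval "$fe_var=\$fe_out"
    export "$fe_var"
    # Do not leave the secret's path in the environment of child processes.
    unset "$fe_filevar"
}
```

Calling it as `file_env DEMO_DB_PASSWORD || exit 1` early in an entrypoint stops the container from starting with an empty or ambiguous password.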

Hi, yeah makes sense. I've had this on my mind for a while.

You want to open a PR?

@kdomke I just pushed some code. Would be very helpful if you could test it.

#156

Hi, the feature is in the latest images.