diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index e1a4d336d..f23f97fac 100644
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -1,6 +1,41 @@
 #!/usr/bin/env sh
 set -e
 
+# usage: file_env VAR [DEFAULT]
+# Set $VAR to the contents of the path specified by $VAR_FILE. Useful for docker secrets
+file_env() {
+ VAR="$1"
+ FILE_VAR="${VAR}_FILE"
+ eval "VAR_EXPANDED=\"\${$VAR}\""
+ eval "FILE_VAR_EXPANDED=\"\${$FILE_VAR}\""
+ DEFAULT="${2:-}"
+
+ if [ "${VAR_EXPANDED:-}" ] && [ "${FILE_VAR_EXPANDED:-}" ]; then
+ echo >&2 "error: both $VAR and $FILE_VAR are set (but are exclusive)"
+ exit 1
+ fi
+
+ VAL="$DEFAULT"
+ if [ "${VAR_EXPANDED:-}" ]; then
+ VAL="${VAR_EXPANDED}"
+ elif [ "${FILE_VAR_EXPANDED:-}" ]; then
+ if [ -f "${FILE_VAR_EXPANDED}" ]; then
+ VAL="$(cat "${FILE_VAR_EXPANDED}")"
+ else
+ echo >&2 "error: couldn't find file at '$FILE_VAR_EXPANDED'"
+ exit 1
+ fi
+ fi
+
+ export "$VAR"="$VAL"
+ unset "$FILE_VAR"
+}
+
+# Substitue all env vars starting with VIKUNJA and ending with _FILE
+for var in $(env | sed -n "s/^\(VIKUNJA.*\)_FILE=.*$/\1/p"); do
+ file_env "${var}"
+done
+
 if [ -n "$PUID" ] && [ "$PUID" -ne 0 ] && \
 [ -n "$PGID" ] && [ "$PGID" -ne 0 ] ; then
 echo "info: creating the new user vikunja with $PUID:$PGID"
diff --git a/docs/content/doc/setup/config.md b/docs/content/doc/setup/config.md
index e25f31126..57ca1b11e 100644
--- a/docs/content/doc/setup/config.md
+++ b/docs/content/doc/setup/config.md
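Review bot: In docker/entrypoint.sh, the names passed to `file_env` reach `eval` and `export` without being checked as shell identifiers. The sed capture `\(VIKUNJA.*\)` is greedy, so an `env` line whose value happens to contain `_FILE=` is captured together with part of that value, and the unquoted `$(...)` then word-splits and globs the result before `eval "VAR_EXPANDED=\"\${$VAR}\""` expands it, in a script that, judging by the user-creation lines that follow, presumably starts as root. Restrict the capture to identifier characters, `sed -n 's/^\(VIKUNJA[A-Za-z0-9_]*\)_FILE=.*$/\1/p'`, and reject anything else as the first statement of `file_env`: `case "$VAR" in ''|*[!A-Za-z0-9_]*) echo >&2 "error: invalid variable name '$VAR'"; exit 1 ;; esac`. Separately, `VAL`, `VAR_EXPANDED` and `FILE_VAR_EXPANDED` remain set as globals after the function returns (POSIX sh has no `local`), so ending the function with `unset VAL VAR_EXPANDED FILE_VAR_EXPANDED` would keep the secret out of later shell state.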
@@ -27,6 +27,31 @@ first:
 child: true
 {{< /highlight >}}
 
+## Docker
+Environment variables that contain senstitive data can be suffixed with `_FILE`. If you take the expected environment variable for the configuration
+option with the _FILE suffix at the end, the contents of the file it points to will be used. See [Docker Swarm](https://docs.docker.com/engine/swarm/secrets/)
+and [Docker Compose](https://docs.docker.com/compose/use-secrets/) docs for more info on using secrets.
+
+{{< highlight bash >}}
+echo "a super secure random secret" > /host/secrets/path/vikunja_service_jwtsecret
+{{< /highlight >}}
+
+{{< highlight yaml >}}
+version: '3'
+
+secrets:
+ vikunja_service_jwtsecret:
+ file: /host/secrets/path/vikunja_service_jwtsecret
+
+services:
+ api:
+ image: vikunja/api
+ secrets:
+ - vikunja_service_jwtsecret
+ environment:
+ VIKUNJA_SERVICE_JWTSECRET_FILE: /run/secrets/vikunja_service_jwtsecret
+{{< /highlight >}}
+
 # Formats
 
 Vikunja supports using `toml`, `yaml`, `hcl`, `ini`, `json`, envfile, env variables and Java Properties files.