added integration for docker secrets

This commit is contained in:
Abbie Wade 2021-11-20 10:54:34 +11:00
parent 4c1c0087c7
commit 7a8808df4f
7 changed files with 4242 additions and 13 deletions

View File

@ -1,4 +1,9 @@
version: '3' version: "3"
secrets:
password:
file: ./secrets/password
services: services:
flame: flame:
image: pawelmalak/flame image: pawelmalak/flame
@ -7,6 +12,8 @@ services:
- /path/to/data:/app/data - /path/to/data:/app/data
ports: ports:
- 5005:5005 - 5005:5005
secrets:
- password
environment: environment:
- PASSWORD=flame_password - PASSWORD_FILE=/run/secrets/password
restart: unless-stopped restart: unless-stopped

1
.docker/secrets/password Normal file
View File

@ -0,0 +1 @@
flame_docker_secret_password

View File

@ -70,6 +70,10 @@ services:
restart: unless-stopped restart: unless-stopped
``` ```
##### Docker Secrets
All environment variables set can be overwritten by appending `_FILE` to the variable value.For example, you can use `PASSWORD_FILE` to pass through a docker secret instead of `PASSWORD`. If both `PASSWORD` and `PASSWORD_FILE` are set, the docker secret will take precedent. An example using docker secrets is available in [here](.docker/docker-compose.yml).
#### Skaffold #### Skaffold
```sh ```sh

4219
package-lock.json generated

File diff suppressed because it is too large Load Diff

View File

@ -22,6 +22,7 @@
"axios": "^0.24.0", "axios": "^0.24.0",
"colors": "^1.4.0", "colors": "^1.4.0",
"concurrently": "^6.3.0", "concurrently": "^6.3.0",
"docker-secret": "^1.2.3",
"dotenv": "^10.0.0", "dotenv": "^10.0.0",
"express": "^4.17.1", "express": "^4.17.1",
"jsonwebtoken": "^8.5.1", "jsonwebtoken": "^8.5.1",

View File

@ -1,7 +1,9 @@
const initConfig = require('./initConfig'); const initConfig = require('./initConfig');
const initFiles = require('./initFiles'); const initFiles = require('./initFiles');
const initSecrets = require('./initSecrets');
const initApp = async () => { const initApp = async () => {
initSecrets();
await initFiles(); await initFiles();
await initConfig(); await initConfig();
}; };

15
utils/init/initSecrets.js Normal file
View File

@ -0,0 +1,15 @@
const { getSecrets } = require('docker-secret');
const Logger = require('../Logger');
const logger = new Logger();
const initSecrets = () => {
const secrets = getSecrets();
for (const property in secrets) {
const upperProperty = property.toUpperCase();
process.env[upperProperty] = secrets[property];
logger.log(`${upperProperty} was overwritten with docker secret value`, 'WARN');
}
};
module.exports = initSecrets;