Allow loading sensitive flags from files (#815)

With systems like docker swarm or docker compose it is usually a little awkward to manage secrets. 
There is no way to directly inject them into the environment config. So you often have to write your secrets directly into the compose file

There are hacky workarounds such as overriding the entry-point of the container and loading a script which then fetches secrets from /run/secrets and replaces the environment variables, but this becomes very difficult once we are using docker images built from "scratch" (which is a really great practice otherwise) as there is no shell or standard tooling available

This adds a *_FILE variant of the environment config values for sensitive flags to work around this issue.

Signed-off-by: Lukas Bachschwell <lukas@lbsfilm.at>
Lukas Bachschwell
2022-03-01 16:09:33 +01:00
committed by GitHub
parent 86748bb8f6
commit 09e6460f95
11 changed files with 226 additions and 65 deletions


@@ -15,6 +15,7 @@
package main
import (
"os"
"time"
"github.com/urfave/cli/v2"
@@ -34,9 +35,10 @@ var flags = []cli.Flag{
Value: "x-oauth-basic",
},
&cli.StringFlag{
EnvVars: []string{"WOODPECKER_AGENT_SECRET"},
Name: "grpc-password",
Usage: "server-agent shared password",
EnvVars: []string{"WOODPECKER_AGENT_SECRET"},
Name: "grpc-password",
Usage: "server-agent shared password",
FilePath: os.Getenv("WOODPECKER_AGENT_SECRET_FILE"),
},
&cli.BoolFlag{
EnvVars: []string{"WOODPECKER_GRPC_SECURE"},
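Review bot: The `FilePath: os.Getenv("WOODPECKER_AGENT_SECRET_FILE")` line added to the `grpc-password` flag gives the operator no signal when the named file is missing or unreadable. As far as I recall, urfave/cli v2 ignores the read error and leaves the flag unset, so the agent could start with an empty shared password; this should be confirmed against the vendored version. The library also appears to use the file content verbatim, so a trailing newline in the secret file would become part of the password and fail the comparison on the server side. I would document this on the flag, e.g. `// file content is used as-is (not trimmed); EnvVars wins if both are set; an unreadable file is ignored`, and trim and reject an empty value where `grpc-password` is consumed, which is outside this hunk. The `flags` slice itself starts and ends outside the hunk.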