Add support for consuming docker / kubernetes secrets passed as _FILE environment variables (#136)

* mod: condense Dockerfile * add: _FILE feature add: list of sensitive env_vars * mod: sorted env_var list * add: complete current env_var list * fix: formatting * mod: revert Dockerfile to prev. version * mod: updated comment to be more descriptive mod: rename variables to be more descriptive * rem: list of env_var; no longer needed. mod: env_file_replace function ^ search for all <env_var>_FILE variables and replace ^ <env_var> if the file exists and is not empty mod: env_file_replace comment Co-authored-by: pyunramura <jeremy.cummings@live.com>
2025-01-18 15:32:54 +01:00 · 2022-03-03 07:43:14 -06:00 · 2022-03-03 07:43:14 -06:00 · 573b6440d3
commit 573b6440d3
parent 9c1a5d0faf
1 changed files with 17 additions and 2 deletions
--- a/17
+++ b/17
@ -4,6 +4,17 @@ set -e
 ssl_dir="/opt/ssl"
 php_dir="/opt/ldap_user_manager"

+env_file_replace() {
+  for env_file in $(env|grep _FILE=); do
+    read -a env <<< "$(echo "$env_file" | sed 's/\(.*\)_FILE=\(.*\)/\1 \2/')"
+    if [ -s "${env[1]}" ]; then
+      echo Setting "${env[0]}" from "${env[1]}"
+      export "${env[0]}"="$(cat "${env[1]}")"
+      else echo "${env[1]} does not exist or is empty. Leaving ${env[0]} unset"
+    fi
+  done
+}
+
 if [ ! "$SERVER_HOSTNAME" ]; then export SERVER_HOSTNAME="ldapusermanager.org"; fi
 if [ ! "$SERVER_PATH" ]; then
  export SERVER_PATH="/";
@ -72,7 +83,7 @@ else

    echo "Generating openssl configuration"

-    cat <<EoCertConf>$confout
+    cat <<EoCertConf >$confout
 subjectAltName = DNS:${SERVER_HOSTNAME},IP:127.0.0.1
 extendedKeyUsage = serverAuth
 EoCertConf
@ -145,6 +156,10 @@ fi

 cat /etc/apache2/sites-enabled/lum.conf

+########################
+#If <env_var>_FILE is set, read and export env_var from the referenced file's contents
+env_file_replace
+
 ########################
 #Run Apache