author | 2020-06-29 20:49:05 -0700 | |
---|---|---|
committer | 2020-06-29 21:01:37 -0700 | |
commit | d2f4ed93df5e1866c5389aa2a687a6bc3c944b1d (patch) | |
tree | 57c6ec5c869a271273b161ed5ce790ab29ec82fe /config/parser.go | |
parent | 1d6b0491a75687553fa9c37b68cd5f71aa6fee6e (diff) | |
Add support for secret keys exposed as a file
Secret keys are often exposed as a file in containerized environments.
Diffstat (limited to 'config/parser.go')
-rw-r--r-- | config/parser.go | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/config/parser.go b/config/parser.go
index 810ce56b..77b74357 100644
--- a/config/parser.go
+++ b/config/parser.go
@@ -6,9 +6,11 @@ package config // import "miniflux.app/config"
 import (
 "bufio"
+ "bytes"
 "errors"
 "fmt"
 "io"
+ "io/ioutil"
 url_parser "net/url"
 "os"
 "strconv"
@@ -88,6 +90,8 @@ func (p *Parser) parseLines(lines []string) (err error) {
 p.opts.listenAddr = parseString(value, defaultListenAddr)
 case "DATABASE_URL":
 p.opts.databaseURL = parseString(value, defaultDatabaseURL)
+ case "DATABASE_URL_FILE":
+ p.opts.databaseURL = readSecretFile(value, defaultDatabaseURL)
 case "DATABASE_MAX_CONNS":
 p.opts.databaseMaxConns = parseInt(value, defaultDatabaseMaxConns)
 case "DATABASE_MIN_CONNS":
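Review bot: The new `DATABASE_URL_FILE` case writes to the same field as `DATABASE_URL` and passes `defaultDatabaseURL` as the fallback, so a missing, unreadable or empty file replaces a value already set through `DATABASE_URL` with the default. Which of the two variables wins otherwise depends only on the order of `lines`, which is not visible here. Assuming `p.opts` is initialised with the defaults before parsing, `p.opts.databaseURL = readSecretFile(value, p.opts.databaseURL)` would keep an explicit setting from being silently downgraded. The same applies to the `ADMIN_USERNAME_FILE`, `ADMIN_PASSWORD_FILE`, `POCKET_CONSUMER_KEY_FILE`, `OAUTH2_CLIENT_ID_FILE` and `OAUTH2_CLIENT_SECRET_FILE` cases in the next hunk, and the intended precedence between a variable and its `_FILE` form deserves a comment. parseLines starts and ends outside the hunk.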
@@ -148,14 +152,28 @@ func (p *Parser) parseLines(lines []string) (err error) {
 p.opts.proxyImages = parseString(value, defaultProxyImages)
 case "CREATE_ADMIN":
 p.opts.createAdmin = parseBool(value, defaultCreateAdmin)
+ case "ADMIN_USERNAME":
+ p.opts.adminUsername = parseString(value, defaultAdminUsername)
+ case "ADMIN_USERNAME_FILE":
+ p.opts.adminUsername = readSecretFile(value, defaultAdminUsername)
+ case "ADMIN_PASSWORD":
+ p.opts.adminPassword = parseString(value, defaultAdminPassword)
+ case "ADMIN_PASSWORD_FILE":
+ p.opts.adminPassword = readSecretFile(value, defaultAdminPassword)
 case "POCKET_CONSUMER_KEY":
 p.opts.pocketConsumerKey = parseString(value, defaultPocketConsumerKey)
+ case "POCKET_CONSUMER_KEY_FILE":
+ p.opts.pocketConsumerKey = readSecretFile(value, defaultPocketConsumerKey)
 case "OAUTH2_USER_CREATION":
 p.opts.oauth2UserCreationAllowed = parseBool(value, defaultOAuth2UserCreation)
 case "OAUTH2_CLIENT_ID":
 p.opts.oauth2ClientID = parseString(value, defaultOAuth2ClientID)
+ case "OAUTH2_CLIENT_ID_FILE":
+ p.opts.oauth2ClientID = readSecretFile(value, defaultOAuth2ClientID)
 case "OAUTH2_CLIENT_SECRET":
 p.opts.oauth2ClientSecret = parseString(value, defaultOAuth2ClientSecret)
+ case "OAUTH2_CLIENT_SECRET_FILE":
+ p.opts.oauth2ClientSecret = readSecretFile(value, defaultOAuth2ClientSecret)
 case "OAUTH2_REDIRECT_URL":
 p.opts.oauth2RedirectURL = parseString(value, defaultOAuth2RedirectURL)
 case "OAUTH2_OIDC_DISCOVERY_ENDPOINT":
@@ -235,3 +253,17 @@ func parseString(value string, fallback string) string {
 }
 return value
 }
+
+func readSecretFile(filename, fallback string) string {
+ data, err := ioutil.ReadFile(filename)
+ if err != nil {
+ return fallback
+ }
+
+ value := string(bytes.TrimSpace(data))
+ if value == "" {
+ return fallback
+ }
+
+ return value
+}
|
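Review bot: `readSecretFile` discards the error from `ioutil.ReadFile` and returns `fallback`, so a wrong mount path or a permission problem on a secret file looks the same as the option not being set, and the process carries on with the default database URL or admin credentials. `parseLines` already has an `err` result, so the helper could be declared `func readSecretFile(filename, fallback string) (string, error)` and return `"", fmt.Errorf("reading secret file %q: %w", filename, err)`, letting the `_FILE` cases stop startup with a message that names the path but never the file contents. The function also lacks a doc comment; it should state that surrounding whitespace is trimmed and that an empty file is treated as unset.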