-
Notifications
You must be signed in to change notification settings - Fork 236
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for file-based docker secrets #1367
base: main
Are you sure you want to change the base?
Conversation
Doing this just for one secret seems odd, wouldn't it be better to have some loader or something that does the file reading on the fly? |
You think of adding it for the mail password as well, and introducing a new utility that manages the precedence logic? Fine with me. Where should I put this utility? |
Yes i mean adding some utilitarian wrapper for it :D Imho we could add it directly to the In addition it might be a good idea to also have a look how other projects handle the "magical" loading of files here, do you have an overview over that? |
I moved the wrapper to Also, I've actually tested it now :-) |
The |
I added a unit test. Given that we use this |
The recommendation for passwords is to use secrets instead of writing them to compose files or environment variables.
This adds support for
MYSQL_PASSWORD_FILE
,MAIL_PASSWORD_FILE
andSETUP_ADMIN_PASSWORD
.This is in line with https://docs.docker.com/compose/use-secrets/ and works like
mariadb
. Note that this PR only changes the php side. We might want to change the compose file as well like we do over here: froscon#5