Docker secrets integration

Paweł Malak 2021-12-02 16:43:13 +01:00
parent d1d32cdbe6
commit 48b91581b8
10 changed files with 21753 additions and 111 deletions

@ -4,7 +4,7 @@ WORKDIR /app
COPY package*.json ./
RUN apk --no-cache --virtual build-dependencies add python make g++ \
RUN apk --no-cache --virtual build-dependencies add python python3 make g++ \
&& npm install --production
COPY . .
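
Review bot: The changed `RUN apk ... add` line now pulls in both `python` and `python3` alongside `make` and `g++` under the `build-dependencies` virtual package, and the command ends at `npm install --production` with no `apk del build-dependencies`, so unless this is a builder stage that is discarded later, the compiler toolchain stays in the image layer. Suggest listing only the interpreter the native build actually needs and finishing the same `RUN` with `&& apk del build-dependencies`.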

@ -1,19 +1,22 @@
version: "3"
secrets:
password:
file: ./secrets/password
version: '3.6'
services:
flame:
image: pawelmalak/flame
container_name: flame
volumes:
- /path/to/data:/app/data
- /path/to/host/data:/app/data
# - /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration
ports:
- 5005:5005
secrets:
- password
# secrets:
# - password # optional but required for (1)
environment:
- PASSWORD_FILE=/run/secrets/password
- PASSWORD=flame_password
# - PASSWORD_FILE=/run/secrets/password # optional but required for (1)
restart: unless-stopped
# optional but required for Docker secrets (1)
# secrets:
# password:
# file: /path/to/secrets/password
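
Review bot: The `environment:` block now ships `PASSWORD=flame_password` as the active setting while `PASSWORD_FILE` and both `secrets:` blocks are commented out, so anyone copying this file gets a well-known password held in the container environment instead of in a secret file. Suggest keeping the secrets variant as the active configuration and leaving the plain `PASSWORD` line as the commented alternative, or at least replacing the literal with an obvious placeholder.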

@ -1 +0,0 @@
flame_docker_secret_password
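
Review bot: The single removed line, `flame_docker_secret_password`, is a secret value that was committed to the repository, and deleting the file does not remove it from history. Treat that string as public, and add the secrets directory to the ignore file so that a real password file placed at the path used in the compose example is never committed.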

@ -1 +1,2 @@
*.md
*.md
docker-compose.yml

@ -55,24 +55,43 @@ docker buildx build \
#### Docker-Compose
```yaml
version: '2.1'
version: '3.6'
services:
flame:
image: pawelmalak/flame:latest
image: pawelmalak/flame
container_name: flame
volumes:
- <host_dir>:/app/data
- /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration feature
- /path/to/host/data:/app/data
- /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration
ports:
- 5005:5005
secrets:
- password # optional but required for (1)
environment:
- PASSWORD=flame_password
- PASSWORD_FILE=/run/secrets/password # optional but required for (1)
restart: unless-stopped
# optional but required for Docker secrets (1)
secrets:
password:
file: /path/to/secrets/password
```
##### Docker Secrets
All environment variables set can be overwritten by appending `_FILE` to the variable value.For example, you can use `PASSWORD_FILE` to pass through a docker secret instead of `PASSWORD`. If both `PASSWORD` and `PASSWORD_FILE` are set, the docker secret will take precedent. An example using docker secrets is available in [here](.docker/docker-compose.yml).
All environment variables can be overwritten by appending `_FILE` to the variable value. For example, you can use `PASSWORD_FILE` to pass through a docker secret instead of `PASSWORD`. If both `PASSWORD` and `PASSWORD_FILE` are set, the docker secret will take precedent.
```bash
# ./secrets/flame_password
my_custom_secret_password_123
# ./docker-compose.yml
secrets:
password:
file: ./secrets/flame_password
```
#### Skaffold
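
Review bot: The Docker Secrets paragraph describes a `_FILE` mechanism for "all environment variables", but the `initDockerSecrets` loop in this commit assigns `process.env[upperProperty]` from each entry returned by `getSecrets()` and no visible line reads a `_FILE` variable; the documentation should describe what the code does (a secret named `password` becomes `PASSWORD`). Wording in the same paragraph: `_FILE` is appended to the variable name, not its "value", and "take precedent" should be "take precedence". The compose example also sets `PASSWORD` and `PASSWORD_FILE` together and leaves the `docker.sock` mount active while calling it optional, and the second fence is tagged `bash` although it holds a secret file and a YAML fragment; suggest showing one password method per example and splitting that fence into two labelled blocks.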

21793
client/package-lock.json generated

File diff suppressed because it is too large

@ -11,7 +11,6 @@
"@types/jest": "^27.0.2",
"@types/node": "^16.11.6",
"@types/react": "^17.0.34",
"@types/react-autosuggest": "^10.1.5",
"@types/react-beautiful-dnd": "^13.1.2",
"@types/react-dom": "^17.0.11",
"@types/react-redux": "^7.1.20",
@ -21,7 +20,6 @@
"http-proxy-middleware": "^2.0.1",
"jwt-decode": "^3.1.2",
"react": "^17.0.2",
"react-autosuggest": "^10.1.0",
"react-beautiful-dnd": "^13.1.0",
"react-dom": "^17.0.2",
"react-redux": "^7.2.6",

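Review bot: Removing `react-autosuggest` in this hunk (and `@types/react-autosuggest` in the hunk above) is unrelated to Docker secrets, and it arrives together with a 21793-line generated `client/package-lock.json` whose diff is suppressed, so the resolved dependency tree cannot be reviewed as part of this commit. Suggest moving the dependency cleanup and the lockfile regeneration into their own commit, and checking the lockfile change with `npm ci` and `npm audit` before merging.
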
@ -1,5 +1,4 @@
const ErrorResponse = require('../utils/ErrorResponse');
const colors = require('colors');
const Logger = require('../utils/Logger');
const logger = new Logger();

@ -1,9 +1,9 @@
const initConfig = require('./initConfig');
const initFiles = require('./initFiles');
const initSecrets = require('./initSecrets');
const initDockerSecrets = require('./initDockerSecrets');
const initApp = async () => {
initSecrets();
initDockerSecrets();
await initFiles();
await initConfig();
};

@ -2,14 +2,16 @@ const { getSecrets } = require('docker-secret');
const Logger = require('../Logger');
const logger = new Logger();
const initSecrets = () => {
const initDockerSecrets = () => {
const secrets = getSecrets();
for (const property in secrets) {
const upperProperty = property.toUpperCase();
process.env[upperProperty] = secrets[property];
logger.log(`${upperProperty} was overwritten with docker secret value`, 'WARN');
logger.log(`${upperProperty} was overwritten with docker secret value`);
}
};
module.exports = initSecrets;
module.exports = initDockerSecrets;
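
Review bot: The `for (const property in secrets)` loop writes every entry returned by `getSecrets()` into `process.env` under its upper-cased name with no allow-list, so a secret whose name matches any existing variable (for example `NODE_ENV`) silently replaces it. Suggest restricting the assignment to the configuration keys the app defines and keeping the `'WARN'` level on the log line, since an overridden setting is worth surfacing; the message itself is fine as it logs only the name, never the value.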