From c3f51c412b21396e886207191beb691565457509 Mon Sep 17 00:00:00 2001 From: Daniil Karandashov Date: Sat, 14 Dec 2019 18:21:43 +0300 Subject: [PATCH] add passing secret key through file for docker swarm secrets --- README.rst | 15 ++++++++++++++- syncserver/__init__.py | 3 +++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/README.rst b/README.rst index 5942388..d19b09d 100644 --- a/README.rst +++ b/README.rst @@ -122,8 +122,21 @@ environmet variables, like this:: -e PORT=5000 \ mozilla/syncserver:latest + or + + $ docker run --rm \ + -p 5000:5000 \ + -e SYNCSERVER_PUBLIC_URL=http://localhost:5000 \ + -e SYNCSERVER_SECRET_FILE= \ + -e SYNCSERVER_SQLURI=sqlite:////tmp/syncserver.db \ + -e SYNCSERVER_BATCH_UPLOAD_ENABLED=true \ + -e SYNCSERVER_FORCE_WSGI_ENVIRON=false \ + -e PORT=5000 \ + -v /secret/file/at/host: \ + mozilla/syncserver:latest + Don't forget to `generate a random secret key `_ -to use in the `SYNCSERVER_SECRET` environment variable! +to use in the `SYNCSERVER_SECRET` environment variable or mount your secret key file! And you can test whether it's running correctly by using the builtin function test suite, like so:: diff --git a/syncserver/__init__.py b/syncserver/__init__.py index 3650c01..16d4e9f 100644 --- a/syncserver/__init__.py +++ b/syncserver/__init__.py @@ -185,6 +185,9 @@ def import_settings_from_environment_variables(settings, environ=None): "storage.batch_upload_enabled", str_to_bool), ) + if "SYNCSERVER_SECRET_FILE" in environ: + settings["syncserver.secret"] = open(environ["SYNCSERVER_SECRET_FILE"]) + .read().strip() for key, name, convert in SETTINGS_FROM_ENVIRON: try: settings[name] = convert(environ[key])