db password stops working with secret

2025-11-02 14:36:44 -05:00
parent 3e4cf66594
commit d863bdbe81
2 changed files with 17 additions and 10 deletions
--- a/abra-entrypoint.sh
+++ b/abra-entrypoint.sh
@ -7,16 +7,15 @@ shift

 echo "++ original entrypoint: ${ORIGINAL_ENTRYPOINT}"

-# --- Load secrets into environment variables ---
-if [ -d /run/secrets ]; then
-  for secret_file in /run/secrets/*; do
-    echo "++ loading secret: ${secret_file}"
-    var_name=$(basename "$secret_file" | tr '[:lower:]' '[:upper:]')
-    export "$var_name"="$(cat "$secret_file")"
-  done
-fi
+[ -f /run/secrets/postgres_password ] && export DB_PASSWORD="$(cat /run/secrets/postgres_password)"
+[ -f /run/secrets/django_secret_key ] && export DJANGO_SECRET_KEY="$(cat /run/secrets/django_secret_key)"
+[ -f /run/secrets/django_superuser_password ] && export DJANGO_SUPERUSER_PASSWORD="$(cat /run/secrets/django_superuser_password)"
+[ -f /run/secrets/oidc_rp_client_secret ] && export OIDC_RP_CLIENT_SECRET="$(cat /run/secrets/oidc_rp_client_secret)"
+[ -f /run/secrets/collaboration_server_secret ] && export COLLABORATION_SERVER_SECRET="$(cat /run/secrets/collaboration_server_secret)"

 echo "++ command: ${@}"
+echo "++ env: "
+printenv

 # --- Execute the original entrypoint and command ---
 if [ -n "$ORIGINAL_ENTRYPOINT" ] && [ "$ORIGINAL_ENTRYPOINT" != "null" ]; then
--- a/compose.yml
+++ b/compose.yml
@ -59,13 +59,14 @@ x-postgres-env: &postgres-env
  POSTGRES_DB: docs
  POSTGRES_USER: docs
  # FIXME: Move to docker secret
-  POSTGRES_PASSWORD: password
+  XX_POSTGRES_PASSWORD: password
+  POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
  # App database configuration
  DB_HOST: db
  DB_NAME: docs
  DB_USER: docs
  # FIXME: Move to docker secret
-  DB_PASSWORD: password
+  XX_DB_PASSWORD: password
  DB_PORT: 5432

 x-yprovider-env: &yprovider-env
@ -201,6 +202,13 @@ services:
        - source: abra_entrypoint
          target: /abra-entrypoint.sh
          mode: 0555
+    secrets:
+      - django_secret_key
+      - oidc_rp_client_secret
+      - django_superuser_password
+      - collaboration_server_secret
+      - minio_root_password
+      - postgres_password

  redis:
    image: redis:8