From d863bdbe81127bc79d90c280133f3038eaa2f4ac Mon Sep 17 00:00:00 2001
From: notplants <mfowler.email@protonmail.com>
Date: Sun, 2 Nov 2025 14:36:44 -0500
Subject: [PATCH] db password stops working with secret

---
 abra-entrypoint.sh | 15 +++++++--------
 compose.yml        | 12 ++++++++++--
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/abra-entrypoint.sh b/abra-entrypoint.sh
index 39ac0c8..46b689f 100644
--- a/abra-entrypoint.sh
+++ b/abra-entrypoint.sh
@@ -7,16 +7,15 @@ shift
 
 echo "++ original entrypoint: ${ORIGINAL_ENTRYPOINT}"
 
-# --- Load secrets into environment variables ---
-if [ -d /run/secrets ]; then
-  for secret_file in /run/secrets/*; do
-    echo "++ loading secret: ${secret_file}"
-    var_name=$(basename "$secret_file" | tr '[:lower:]' '[:upper:]')
-    export "$var_name"="$(cat "$secret_file")"
-  done
-fi
+[ -f /run/secrets/postgres_password ] && export DB_PASSWORD="$(cat /run/secrets/postgres_password)"
+[ -f /run/secrets/django_secret_key ] && export DJANGO_SECRET_KEY="$(cat /run/secrets/django_secret_key)"
+[ -f /run/secrets/django_superuser_password ] && export DJANGO_SUPERUSER_PASSWORD="$(cat /run/secrets/django_superuser_password)"
+[ -f /run/secrets/oidc_rp_client_secret ] && export OIDC_RP_CLIENT_SECRET="$(cat /run/secrets/oidc_rp_client_secret)"
+[ -f /run/secrets/collaboration_server_secret ] && export COLLABORATION_SERVER_SECRET="$(cat /run/secrets/collaboration_server_secret)"
 
 echo "++ command: ${@}"
+echo "++ env: "
+printenv
 
 # --- Execute the original entrypoint and command ---
 if [ -n "$ORIGINAL_ENTRYPOINT" ] && [ "$ORIGINAL_ENTRYPOINT" != "null" ]; then
diff --git a/compose.yml b/compose.yml
index af88f00..6bbef30 100644
--- a/compose.yml
+++ b/compose.yml
@@ -59,13 +59,14 @@ x-postgres-env: &postgres-env
   POSTGRES_DB: docs
   POSTGRES_USER: docs
   # FIXME: Move to docker secret
-  POSTGRES_PASSWORD: password
+  XX_POSTGRES_PASSWORD: password
+  POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
   # App database configuration
   DB_HOST: db
   DB_NAME: docs
   DB_USER: docs
   # FIXME: Move to docker secret
-  DB_PASSWORD: password
+  XX_DB_PASSWORD: password
   DB_PORT: 5432
 
 x-yprovider-env: &yprovider-env
@@ -201,6 +202,13 @@ services:
         - source: abra_entrypoint
           target: /abra-entrypoint.sh
           mode: 0555
+    secrets:
+      - django_secret_key
+      - oidc_rp_client_secret
+      - django_superuser_password
+      - collaboration_server_secret
+      - minio_root_password
+      - postgres_password
 
   redis:
     image: redis:8