Compare commits
2 Commits
0.5.0+4.6.
...
cryptosecr
| Author | SHA1 | Date | |
|---|---|---|---|
| c6de93d2da | |||
| b3e74fa7ef |
@ -7,7 +7,7 @@ LETS_ENCRYPT_ENV=production
|
||||
#==============================================================================
|
||||
SECRET_SECRET_KEY_VERSION=v1
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_CRYPTO_KEY_VERSION=v1
|
||||
CRYPTO_KEY_VERSION=v1 # This secret is managed in the entrypoint, not as a docker secret
|
||||
|
||||
#==============================================================================
|
||||
# ADMINISTRATION
|
||||
|
||||
9
abra.sh
9
abra.sh
@ -40,13 +40,4 @@ setup_db() {
|
||||
fi
|
||||
|
||||
echo "Database setup complete. <3"
|
||||
}
|
||||
|
||||
gen_key() {
|
||||
file_env "DB_PASSWORD"
|
||||
file_env "CRYPTO_KEY"
|
||||
file_env "SECRET_KEY"
|
||||
file_env "LDAP_BIND_PASSWORD"
|
||||
|
||||
flask cryptokey create
|
||||
}
|
||||
@ -59,7 +59,6 @@ services:
|
||||
- ROOT_USER=${ADMIN_USER}
|
||||
- TMP_DIR=/tmp
|
||||
- SECRET_KEY_FILE=/run/secrets/secret_key
|
||||
- CRYPTO_KEY_FILE=/run/secrets/crypto_key
|
||||
- SESSION_TYPE=filesystem
|
||||
- LOG_LEVEL=INFO
|
||||
- LOG_DIR=/app/logs
|
||||
@ -86,6 +85,7 @@ services:
|
||||
- LDAP_MAIL_ATTRIB
|
||||
- LDAP_RECOVER_PASSWD_URL
|
||||
- E2EE_MODE
|
||||
- CRYPTO_KEY_VERSION
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
@ -96,10 +96,10 @@ services:
|
||||
- uploads:/app/uploads
|
||||
- log:/app/logs
|
||||
- static:/app/liberaforms/static
|
||||
- cryptokey:/cryptokey
|
||||
secrets:
|
||||
- db_password
|
||||
- secret_key
|
||||
- crypto_key
|
||||
networks:
|
||||
- internal
|
||||
|
||||
@ -137,15 +137,13 @@ secrets:
|
||||
secret_key:
|
||||
external: true
|
||||
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
|
||||
crypto_key:
|
||||
external: true
|
||||
name: ${STACK_NAME}_crypto_key_${SECRET_CRYPTO_KEY_VERSION}
|
||||
|
||||
volumes:
|
||||
uploads:
|
||||
static:
|
||||
log:
|
||||
db:
|
||||
cryptokey:
|
||||
|
||||
|
||||
networks:
|
||||
|
||||
@ -25,8 +25,12 @@ file_env() {
|
||||
}
|
||||
|
||||
file_env "DB_PASSWORD"
|
||||
file_env "CRYPTO_KEY"
|
||||
file_env "SECRET_KEY"
|
||||
file_env "LDAP_BIND_PASSWORD"
|
||||
|
||||
if [ ! -f "/cryptokey/$CRYPTO_KEY_VERSION" ]; then
|
||||
flask cryptokey create > /cryptokey/$CRYPTO_KEY_VERSION
|
||||
fi
|
||||
export CRYPTO_KEY=`cat /cryptokey/$CRYPTO_KEY_VERSION`
|
||||
|
||||
/usr/bin/supervisord -n
|
||||
Reference in New Issue
Block a user