support using files for SECRET_KEY and DB_PW

this enables usage of e.g. docker swarm secrets instead of exposing the passwords directly via environment variables just use DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY
4 years ago · 02cfe326d3
parent 550065b043
commit 02cfe326d3
2 changed files with 11 additions and 2 deletions
--- a/core/admin/mailu/configuration.py
+++ b/core/admin/mailu/configuration.py
@ -100,6 +100,15 @@ class ConfigManager(dict):
        if self.config["WEBMAIL"] != "none":
            self.config["WEBMAIL_ADDRESS"] = self.get_host_address("WEBMAIL")

+    def __get_env(self, key, value):
+        key_file = key + "_FILE"
+        if key_file in os.environ:
+            with open(os.environ.get(key_file)) as file:
+                value_from_file = file.read()
+            return value_from_file.strip()
+        else:
+            return os.environ.get(key, value)
+
    def __coerce_value(self, value):
        if isinstance(value, str) and value.lower() in ('true','yes'):
            return True
@ -111,7 +120,7 @@ class ConfigManager(dict):
        self.config.update(app.config)
        # get environment variables
        self.config.update({
-            key: self.__coerce_value(os.environ.get(key, value))
+            key: self.__coerce_value(self.__get_env(key, value))
            for key, value in DEFAULT_CONFIG.items()
        })
        self.resolve_hosts()
--- a/webmails/roundcube/config.inc.php
+++ b/webmails/roundcube/config.inc.php
@ -5,7 +5,7 @@ $config = array();
 // Generals
 $config['db_dsnw'] = getenv('DB_DSNW');;
 $config['temp_dir'] = '/tmp/';
-$config['des_key'] = getenv('SECRET_KEY');
+$config['des_key'] = getenv('SECRET_KEY') ? getenv('SECRET_KEY') : trim(file_get_contents(getenv('SECRET_KEY_FILE')));
 $config['cipher_method'] = 'AES-256-CBC';
 $config['identities_level'] = 0;
 $config['reply_all_mode'] = 1;