support using files for SECRET_KEY and DB_PW

this enables usage of e.g. docker swarm secrets instead of exposing the
passwords directly via environment variables

just use DB_PW_FILE and SECRET_KEY_FILE instead of DB_PW and SECRET_KEY
master
lub 4 years ago
parent 550065b043
commit 02cfe326d3

@ -100,6 +100,15 @@ class ConfigManager(dict):
if self.config["WEBMAIL"] != "none": if self.config["WEBMAIL"] != "none":
self.config["WEBMAIL_ADDRESS"] = self.get_host_address("WEBMAIL") self.config["WEBMAIL_ADDRESS"] = self.get_host_address("WEBMAIL")
def __get_env(self, key, value):
key_file = key + "_FILE"
if key_file in os.environ:
with open(os.environ.get(key_file)) as file:
value_from_file = file.read()
return value_from_file.strip()
else:
return os.environ.get(key, value)
def __coerce_value(self, value): def __coerce_value(self, value):
if isinstance(value, str) and value.lower() in ('true','yes'): if isinstance(value, str) and value.lower() in ('true','yes'):
return True return True
@ -111,7 +120,7 @@ class ConfigManager(dict):
self.config.update(app.config) self.config.update(app.config)
# get environment variables # get environment variables
self.config.update({ self.config.update({
key: self.__coerce_value(os.environ.get(key, value)) key: self.__coerce_value(self.__get_env(key, value))
for key, value in DEFAULT_CONFIG.items() for key, value in DEFAULT_CONFIG.items()
}) })
self.resolve_hosts() self.resolve_hosts()

@ -5,7 +5,7 @@ $config = array();
// Generals // Generals
$config['db_dsnw'] = getenv('DB_DSNW');; $config['db_dsnw'] = getenv('DB_DSNW');;
$config['temp_dir'] = '/tmp/'; $config['temp_dir'] = '/tmp/';
$config['des_key'] = getenv('SECRET_KEY'); $config['des_key'] = getenv('SECRET_KEY') ? getenv('SECRET_KEY') : trim(file_get_contents(getenv('SECRET_KEY_FILE')));
$config['cipher_method'] = 'AES-256-CBC'; $config['cipher_method'] = 'AES-256-CBC';
$config['identities_level'] = 0; $config['identities_level'] = 0;
$config['reply_all_mode'] = 1; $config['reply_all_mode'] = 1;

Loading…
Cancel
Save