docker secrets support - jjethwa#85

adarobin · Dec 22, 2017 · dcbd47f · dcbd47f
1 parent 037b781
commit dcbd47f
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -31,6 +31,10 @@ sudo docker run -p 4443:4443 -e SERVER_URL=https://MY.HOSTNAME.COM:4443 -e RUNDE
 # Rundeck plugins
 To add (external) plugins, add the jars to the /opt/rundeck-plugins volume and they will be copied over to Rundeck's libext directory at container startup
 
+# Docker secrets
+Reference: https://docs.docker.com/engine/swarm/secrets/
+The entrypoint run script will check for docker secrets set for RUNDECK_PASSWORD, DATABASE_ADMIN_PASSWORD, KEYSTORE_PASS, and TRUSTSTORE_PASS.  If the secret has not been set, it will then check for the environment variable and finally default to generating a random value.
+
 # Environment variables
 
 ```

diff --git a/content/opt/run b/content/opt/run
@@ -43,6 +43,21 @@ if [ ! -f "${initfile}" ]; then
          SERVER_PORT=80
       fi
    fi
+
+   # Docker secrets support
+   if [ -f /run/secrets/RUNDECK_PASSWORD ]; then
+      RUNDECK_PASSWORD = $(< /run/secrets/RUNDECK_PASSWORD)
+   fi
+   if [ -f /run/secrets/DATABASE_ADMIN_PASSWORD ]; then
+      DATABASE_ADMIN_PASSWORD = $(< /run/secrets/DATABASE_ADMIN_PASSWORD)
+   fi
+   if [ -f /run/secrets/KEYSTORE_PASS ]; then
+      KEYSTORE_PASS = $(< /run/secrets/KEYSTORE_PASS)
+   fi
+   if [ -f /run/secrets/TRUSTSTORE_PASS ]; then
+      TRUSTSTORE_PASS = $(< /run/secrets/TRUSTSTORE_PASS)
+   fi
+
    DATABASE_URL=${DATABASE_URL:-"jdbc:mysql://localhost/rundeckdb?autoReconnect=true"}
    RUNDECK_PASSWORD=${RUNDECK_PASSWORD:-$(pwgen -s 15 1)}
    DATABASE_ADMIN_PASSWORD=${DATABASE_ADMIN_PASSWORD:-${RUNDECK_PASSWORD}}