config: refactor secret sourcing

9 files changed, 298 insertions, 276 deletions

diff --git a/Cargo.lock b/Cargo.lock
index 32fa9655..02a85a23 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1227,6 +1227,7 @@ dependencies = [
  "hyper",
  "k2v-client",
  "kuska-sodiumoxide",
+ "mktemp",
  "netapp",
  "opentelemetry",
  "opentelemetry-otlp",
diff --git a/Cargo.nix b/Cargo.nix
index 18b2d359..3860ea7c 100644
--- a/Cargo.nix
+++ b/Cargo.nix
@@ -33,7 +33,7 @@ args@{
   ignoreLockHash,
 }:
 let
-  nixifiedLockHash = "b73d35e98dc62acc3b01aba2cb825ba6e99217e46781b8c59f8e0ceef34e79d6";
+  nixifiedLockHash = "d9e11e914ea70ac73c71ea542e275eaeeffbd42e1bfc311d67c4a952c9e923c7";
   workspaceSrc = if args.workspaceSrc == null then ./. else args.workspaceSrc;
   currentLockHash = builtins.hashFile "sha256" (workspaceSrc + /Cargo.lock);
   lockHashIgnored = if ignoreLockHash
@@ -1771,6 +1771,7 @@ in
       http = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".http."0.2.9" { inherit profileName; }).out;
       hyper = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".hyper."0.14.27" { inherit profileName; }).out;
       k2v_client = (rustPackages."unknown".k2v-client."0.0.4" { inherit profileName; }).out;
+      mktemp = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".mktemp."0.5.0" { inherit profileName; }).out;
       serde_json = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".serde_json."1.0.105" { inherit profileName; }).out;
       sha2 = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".sha2."0.10.7" { inherit profileName; }).out;
       static_init = (rustPackages."registry+https://github.com/rust-lang/crates.io-index".static_init."1.0.3" { inherit profileName; }).out;
diff --git a/doc/book/reference-manual/configuration.md b/doc/book/reference-manual/configuration.md
index a536dd02..77720f7b 100644
--- a/doc/book/reference-manual/configuration.md
+++ b/doc/book/reference-manual/configuration.md
@@ -325,10 +325,9 @@ yourself.
 
 ### `allow_world_readable_secrets`
 
-Garage checks the permissions of your secret files to make sure
-they're not world-readable. In some cases, the check might fail and
-consider your files as world-readable even if they're not. Such as
-when using Posix ACLs.
+Garage checks the permissions of your secret files to make sure they're not
+world-readable. In some cases, the check might fail and consider your files as
+world-readable even if they're not, for instance when using Posix ACLs.
 
 Setting `allow_world_readable_secrets` to `true` bypass this
 permission verification.
diff --git a/src/garage/Cargo.toml b/src/garage/Cargo.toml
index 35d87a3e..00975738 100644
--- a/src/garage/Cargo.toml
+++ b/src/garage/Cargo.toml
@@ -67,6 +67,7 @@ chrono = "0.4"
 http = "0.2"
 hmac = "0.12"
 hyper = { version = "0.14", features = ["client", "http1", "runtime"] }
+mktemp = "0.5"
 sha2 = "0.10"
 
 static_init = "1.0"
diff --git a/src/garage/main.rs b/src/garage/main.rs
index a9f1ad29..d89762e4 100644
--- a/src/garage/main.rs
+++ b/src/garage/main.rs
@@ -7,6 +7,7 @@ extern crate tracing;
 mod admin;
 mod cli;
 mod repair;
+mod secrets;
 mod server;
 #[cfg(feature = "telemetry-otlp")]
 mod tracing_setup;
@@ -25,7 +26,6 @@ use structopt::StructOpt;
 use netapp::util::parse_and_resolve_peer_addr;
 use netapp::NetworkKey;
 
-use garage_util::config::{read_secret_file, Config};
 use garage_util::error::*;
 
 use garage_rpc::system::*;
@@ -35,6 +35,7 @@ use garage_model::helper::error::Error as HelperError;
 
 use admin::*;
 use cli::*;
+use secrets::Secrets;
 
 #[derive(StructOpt, Debug)]
 #[structopt(
@@ -63,39 +64,6 @@ struct Opt {
 	cmd: Command,
 }
 
-#[derive(StructOpt, Debug)]
-pub struct Secrets {
-	/// RPC secret network key, used to replace rpc_secret in config.toml when running the
-	/// daemon or doing admin operations
-	#[structopt(short = "s", long = "rpc-secret", env = "GARAGE_RPC_SECRET")]
-	pub rpc_secret: Option<String>,
-
-	/// RPC secret network key, used to replace rpc_secret in config.toml and rpc-secret
-	/// when running the daemon or doing admin operations
-	#[structopt(long = "rpc-secret-file", env = "GARAGE_RPC_SECRET_FILE")]
-	pub rpc_secret_file: Option<String>,
-
-	/// Admin API authentication token, replaces admin.admin_token in config.toml when
-	/// running the Garage daemon
-	#[structopt(long = "admin-token", env = "GARAGE_ADMIN_TOKEN")]
-	pub admin_token: Option<String>,
-
-	/// Admin API authentication token file path, replaces admin.admin_token in config.toml
-	/// and admin-token when running the Garage daemon
-	#[structopt(long = "admin-token-file", env = "GARAGE_ADMIN_TOKEN_FILE")]
-	pub admin_token_file: Option<String>,
-
-	/// Metrics API authentication token, replaces admin.metrics_token in config.toml when
-	/// running the Garage daemon
-	#[structopt(long = "metrics-token", env = "GARAGE_METRICS_TOKEN")]
-	pub metrics_token: Option<String>,
-
-	/// Metrics API authentication token file path, replaces admin.metrics_token in config.toml
-	/// and metrics-token when running the Garage daemon
-	#[structopt(long = "metrics-token-file", env = "GARAGE_METRICS_TOKEN_FILE")]
-	pub metrics_token_file: Option<String>,
-}
-
 #[tokio::main]
 async fn main() {
 	// Initialize version and features info
@@ -273,25 +241,3 @@ async fn cli_command(opt: Opt) -> Result<(), Error> {
 		Ok(x) => Ok(x),
 	}
 }
-
-fn fill_secrets(mut config: Config, secrets: Secrets) -> Result<Config, Error> {
-	if secrets.rpc_secret.is_some() {
-		config.rpc_secret = secrets.rpc_secret;
-	} else if secrets.rpc_secret_file.is_some() {
-		config.rpc_secret = Some(read_secret_file(&secrets.rpc_secret_file.unwrap())?);
-	}
-
-	if secrets.admin_token.is_some() {
-		config.admin.admin_token = secrets.admin_token;
-	} else if secrets.admin_token_file.is_some() {
-		config.admin.admin_token = Some(read_secret_file(&secrets.admin_token_file.unwrap())?);
-	}
-
-	if secrets.metrics_token.is_some() {
-		config.admin.metrics_token = secrets.metrics_token;
-	} else if secrets.metrics_token_file.is_some() {
-		config.admin.metrics_token = Some(read_secret_file(&secrets.metrics_token_file.unwrap())?);
-	}
-
-	Ok(config)
-}
diff --git a/src/garage/repair/offline.rs b/src/garage/repair/offline.rs
index beb48d65..45024e71 100644
--- a/src/garage/repair/offline.rs
+++ b/src/garage/repair/offline.rs
@@ -6,7 +6,7 @@ use garage_util::error::*;
 use garage_model::garage::Garage;
 
 use crate::cli::structs::*;
-use crate::{fill_secrets, Secrets};
+use crate::secrets::{fill_secrets, Secrets};
 
 pub async fn offline_repair(
 	config_file: PathBuf,
diff --git a/src/garage/secrets.rs b/src/garage/secrets.rs
new file mode 100644
index 00000000..c40c3cc9
--- /dev/null
+++ b/src/garage/secrets.rs
@@ -0,0 +1,280 @@
+use structopt::StructOpt;
+
+use garage_util::config::Config;
+use garage_util::error::Error;
+
+/// Structure for secret values or paths that are passed as CLI arguments or environment
+/// variables, instead of in the config file.
+#[derive(StructOpt, Debug, Default, Clone)]
+pub struct Secrets {
+	/// Skip permission check on files containing secrets
+	#[cfg(unix)]
+	#[structopt(
+		long = "allow-world-readable-secrets",
+		env = "GARAGE_ALLOW_WORLD_READABLE_SECRETS"
+	)]
+	pub allow_world_readable_secrets: Option<bool>,
+
+	/// RPC secret network key, used to replace rpc_secret in config.toml when running the
+	/// daemon or doing admin operations
+	#[structopt(short = "s", long = "rpc-secret", env = "GARAGE_RPC_SECRET")]
+	pub rpc_secret: Option<String>,
+
+	/// RPC secret network key, used to replace rpc_secret in config.toml and rpc-secret
+	/// when running the daemon or doing admin operations
+	#[structopt(long = "rpc-secret-file", env = "GARAGE_RPC_SECRET_FILE")]
+	pub rpc_secret_file: Option<String>,
+
+	/// Admin API authentication token, replaces admin.admin_token in config.toml when
+	/// running the Garage daemon
+	#[structopt(long = "admin-token", env = "GARAGE_ADMIN_TOKEN")]
+	pub admin_token: Option<String>,
+
+	/// Admin API authentication token file path, replaces admin.admin_token in config.toml
+	/// and admin-token when running the Garage daemon
+	#[structopt(long = "admin-token-file", env = "GARAGE_ADMIN_TOKEN_FILE")]
+	pub admin_token_file: Option<String>,
+
+	/// Metrics API authentication token, replaces admin.metrics_token in config.toml when
+	/// running the Garage daemon
+	#[structopt(long = "metrics-token", env = "GARAGE_METRICS_TOKEN")]
+	pub metrics_token: Option<String>,
+
+	/// Metrics API authentication token file path, replaces admin.metrics_token in config.toml
+	/// and metrics-token when running the Garage daemon
+	#[structopt(long = "metrics-token-file", env = "GARAGE_METRICS_TOKEN_FILE")]
+	pub metrics_token_file: Option<String>,
+}
+
+/// Single function to fill all secrets in the Config struct from their correct source (value
+/// from config or CLI param or env variable or read from a file specified in config or CLI
+/// param or env variable)
+pub fn fill_secrets(mut config: Config, secrets: Secrets) -> Result<Config, Error> {
+	let allow_world_readable = secrets
+		.allow_world_readable_secrets
+		.unwrap_or(config.allow_world_readable_secrets);
+
+	fill_secret(
+		&mut config.rpc_secret,
+		&config.rpc_secret_file,
+		&secrets.rpc_secret,
+		&secrets.rpc_secret_file,
+		"rpc_secret",
+		allow_world_readable,
+	)?;
+
+	fill_secret(
+		&mut config.admin.admin_token,
+		&config.admin.admin_token_file,
+		&secrets.admin_token,
+		&secrets.admin_token_file,
+		"admin.admin_token",
+		allow_world_readable,
+	)?;
+	fill_secret(
+		&mut config.admin.metrics_token,
+		&config.admin.metrics_token_file,
+		&secrets.metrics_token,
+		&secrets.metrics_token_file,
+		"admin.metrics_token",
+		allow_world_readable,
+	)?;
+
+	Ok(config)
+}
+
+fn fill_secret(
+	config_secret: &mut Option<String>,
+	config_secret_file: &Option<String>,
+	cli_secret: &Option<String>,
+	cli_secret_file: &Option<String>,
+	name: &'static str,
+	allow_world_readable: bool,
+) -> Result<(), Error> {
+	let cli_value = match (&cli_secret, &cli_secret_file) {
+		(Some(_), Some(_)) => {
+			return Err(format!("only one of `{}` and `{}_file` can be set", name, name).into());
+		}
+		(Some(secret), None) => Some(secret.to_string()),
+		(None, Some(file)) => Some(read_secret_file(file, allow_world_readable)?),
+		(None, None) => None,
+	};
+
+	if let Some(val) = cli_value {
+		if config_secret.is_some() || config_secret_file.is_some() {
+			debug!("Overriding secret `{}` using value specified using CLI argument or environnement variable.", name);
+		}
+
+		*config_secret = Some(val);
+	} else if let Some(file_path) = &config_secret_file {
+		if config_secret.is_some() {
+			return Err(format!("only one of `{}` and `{}_file` can be set", name, name).into());
+		}
+
+		*config_secret = Some(read_secret_file(file_path, allow_world_readable)?);
+	}
+
+	Ok(())
+}
+
+fn read_secret_file(file_path: &String, allow_world_readable: bool) -> Result<String, Error> {
+	if !allow_world_readable {
+		#[cfg(unix)]
+		{
+			use std::os::unix::fs::MetadataExt;
+			let metadata = std::fs::metadata(file_path)?;
+			if metadata.mode() & 0o077 != 0 {
+				return Err(format!("File {} is world-readable! (mode: 0{:o}, expected 0600)\nRefusing to start until this is fixed, or environment variable GARAGE_ALLOW_WORLD_READABLE_SECRETS is set to true.", file_path, metadata.mode()).into());
+			}
+		}
+	}
+
+	let secret_buf = std::fs::read_to_string(file_path)?;
+
+	// trim_end: allows for use case such as `echo "$(openssl rand -hex 32)" > somefile`.
+	//           also editors sometimes add a trailing newline
+	Ok(String::from(secret_buf.trim_end()))
+}
+
+#[cfg(test)]
+mod tests {
+	use std::fs::File;
+	use std::io::Write;
+
+	use garage_util::config::read_config;
+	use garage_util::error::Error;
+
+	use super::*;
+
+	#[test]
+	fn test_rpc_secret_file_works() -> Result<(), Error> {
+		let path_secret = mktemp::Temp::new_file()?;
+		let mut file_secret = File::create(path_secret.as_path())?;
+		writeln!(file_secret, "foo")?;
+		drop(file_secret);
+
+		let path_config = mktemp::Temp::new_file()?;
+		let mut file_config = File::create(path_config.as_path())?;
+		let path_secret_path = path_secret.as_path();
+		writeln!(
+			file_config,
+			r#"
+			metadata_dir = "/tmp/garage/meta"
+			data_dir = "/tmp/garage/data"
+			replication_mode = "3"
+			rpc_bind_addr = "[::]:3901"
+			rpc_secret_file = "{}"
+
+			[s3_api]
+			s3_region = "garage"
+			api_bind_addr = "[::]:3900"
+			"#,
+			path_secret_path.display()
+		)?;
+		drop(file_config);
+
+		// Second configuration file, same as previous one
+		// except it allows world-readable secrets.
+		let path_config_allow_world_readable = mktemp::Temp::new_file()?;
+		let mut file_config_allow_world_readable =
+			File::create(path_config_allow_world_readable.as_path())?;
+		writeln!(
+			file_config_allow_world_readable,
+			r#"
+			metadata_dir = "/tmp/garage/meta"
+			data_dir = "/tmp/garage/data"
+			replication_mode = "3"
+			rpc_bind_addr = "[::]:3901"
+			rpc_secret_file = "{}"
+			allow_world_readable_secrets = true
+
+			[s3_api]
+			s3_region = "garage"
+			api_bind_addr = "[::]:3900"
+			"#,
+			path_secret_path.display()
+		)?;
+		drop(file_config_allow_world_readable);
+
+		let config = read_config(path_config.to_path_buf())?;
+		let config = fill_secrets(config, Secrets::default())?;
+		assert_eq!("foo", config.rpc_secret.unwrap());
+
+		#[cfg(unix)]
+		{
+			// Check non world-readable secrets config
+
+			let secrets_allow_world_readable = Secrets {
+				allow_world_readable_secrets: Some(true),
+				..Default::default()
+			};
+			let secrets_no_allow_world_readable = Secrets {
+				allow_world_readable_secrets: Some(false),
+				..Default::default()
+			};
+
+			use std::os::unix::fs::PermissionsExt;
+			let metadata = std::fs::metadata(&path_secret_path)?;
+			let mut perm = metadata.permissions();
+			perm.set_mode(0o660);
+			std::fs::set_permissions(&path_secret_path, perm)?;
+
+			// Config file that just specifies the path
+			let config = read_config(path_config.to_path_buf())?;
+			assert!(fill_secrets(config, Secrets::default()).is_err());
+
+			let config = read_config(path_config.to_path_buf())?;
+			assert!(fill_secrets(config, secrets_allow_world_readable.clone()).is_ok());
+
+			let config = read_config(path_config.to_path_buf())?;
+			assert!(fill_secrets(config, secrets_no_allow_world_readable.clone()).is_err());
+
+			// Config file that also specifies to allow world_readable_secrets
+			let config = read_config(path_config_allow_world_readable.to_path_buf())?;
+			assert!(fill_secrets(config, Secrets::default()).is_ok());
+
+			let config = read_config(path_config_allow_world_readable.to_path_buf())?;
+			assert!(fill_secrets(config, secrets_allow_world_readable).is_ok());
+
+			let config = read_config(path_config_allow_world_readable.to_path_buf())?;
+			assert!(fill_secrets(config, secrets_no_allow_world_readable).is_err());
+		}
+
+		drop(path_secret);
+		drop(path_config);
+		drop(path_config_allow_world_readable);
+
+		Ok(())
+	}
+
+	#[test]
+	fn test_rcp_secret_and_rpc_secret_file_cannot_be_set_both() -> Result<(), Error> {
+		let path_config = mktemp::Temp::new_file()?;
+		let mut file_config = File::create(path_config.as_path())?;
+		writeln!(
+			file_config,
+			r#"
+			metadata_dir = "/tmp/garage/meta"
+			data_dir = "/tmp/garage/data"
+			replication_mode = "3"
+			rpc_bind_addr = "[::]:3901"
+			rpc_secret= "dummy"
+			rpc_secret_file = "dummy"
+
+			[s3_api]
+			s3_region = "garage"
+			api_bind_addr = "[::]:3900"
+			"#
+		)?;
+		let config = read_config(path_config.to_path_buf())?;
+		assert_eq!(
+			"only one of `rpc_secret` and `rpc_secret_file` can be set",
+			fill_secrets(config, Secrets::default())
+				.unwrap_err()
+				.to_string()
+		);
+		drop(path_config);
+		drop(file_config);
+		Ok(())
+	}
+}
diff --git a/src/garage/server.rs b/src/garage/server.rs
index 96ea900d..25d4b845 100644
--- a/src/garage/server.rs
+++ b/src/garage/server.rs
@@ -15,9 +15,9 @@ use garage_web::WebServer;
 use garage_api::k2v::api_server::K2VApiServer;
 
 use crate::admin::*;
+use crate::secrets::{fill_secrets, Secrets};
 #[cfg(feature = "telemetry-otlp")]
 use crate::tracing_setup::*;
-use crate::{fill_secrets, Secrets};
 
 async fn wait_from(mut chan: watch::Receiver<bool>) {
 	while !*chan.borrow() {
diff --git a/src/util/config.rs b/src/util/config.rs
index 2271dd1c..add78278 100644
--- a/src/util/config.rs
+++ b/src/util/config.rs
@@ -1,6 +1,5 @@
 //! Contains type and functions related to Garage configuration file
 use std::convert::TryFrom;
-use std::io::Read;
 use std::net::SocketAddr;
 use std::path::PathBuf;
 
@@ -198,6 +197,13 @@ pub struct KubernetesDiscoveryConfig {
 	pub skip_crd: bool,
 }
 
+/// Read and parse configuration
+pub fn read_config(config_file: PathBuf) -> Result<Config, Error> {
+	let config = std::fs::read_to_string(config_file)?;
+
+	Ok(toml::from_str(&config)?)
+}
+
 fn default_db_engine() -> String {
 	"sled".into()
 }
@@ -212,105 +218,6 @@ fn default_block_size() -> usize {
 	1048576
 }
 
-/// Read and parse configuration
-pub fn read_config(config_file: PathBuf) -> Result<Config, Error> {
-	let mut file = std::fs::OpenOptions::new()
-		.read(true)
-		.open(config_file.as_path())?;
-
-	let mut config = String::new();
-	file.read_to_string(&mut config)?;
-
-	let mut parsed_config: Config = toml::from_str(&config)?;
-
-	secret_from_file(
-		&mut parsed_config.rpc_secret,
-		&parsed_config.rpc_secret_file,
-		"rpc_secret",
-		parsed_config.allow_world_readable_secrets,
-	)?;
-	secret_from_file(
-		&mut parsed_config.admin.metrics_token,
-		&parsed_config.admin.metrics_token_file,
-		"admin.metrics_token",
-		parsed_config.allow_world_readable_secrets,
-	)?;
-	secret_from_file(
-		&mut parsed_config.admin.admin_token,
-		&parsed_config.admin.admin_token_file,
-		"admin.admin_token",
-		parsed_config.allow_world_readable_secrets,
-	)?;
-
-	Ok(parsed_config)
-}
-
-pub fn read_secret_file(file_path: &String) -> Result<String, Error> {
-	#[cfg(unix)]
-	if std::env::var("GARAGE_ALLOW_WORLD_READABLE_SECRETS").as_deref() != Ok("true") {
-		use std::os::unix::fs::MetadataExt;
-		let metadata = std::fs::metadata(file_path)?;
-		if metadata.mode() & 0o077 != 0 {
-			return Err(format!("File {} is world-readable! (mode: 0{:o}, expected 0600)\nRefusing to start until this is fixed, or environment variable GARAGE_ALLOW_WORLD_READABLE_SECRETS is set to true.", file_path, metadata.mode()).into());
-		}
-	}
-	let mut file = std::fs::OpenOptions::new().read(true).open(file_path)?;
-	let mut secret_buf = String::new();
-	file.read_to_string(&mut secret_buf)?;
-
-	// trim_end: allows for use case such as `echo "$(openssl rand -hex 32)" > somefile`.
-	//           also editors sometimes add a trailing newline
-	Ok(String::from(secret_buf.trim_end()))
-}
-
-fn secret_from_file(
-	secret: &mut Option<String>,
-	secret_file: &Option<String>,
-	name: &'static str,
-	conf_allow_world_readable: bool,
-) -> Result<(), Error> {
-	match (&secret, &secret_file) {
-		(_, None) => {
-			// no-op
-		}
-		(Some(_), Some(_)) => {
-			return Err(format!("only one of `{}` and `{}_file` can be set", name, name).into());
-		}
-		(None, Some(file_path)) => {
-			#[cfg(unix)]
-			// decide whether to ignore or check permission
-			// bits. GARAGE_ALLOW_WORLD_READABLE_SECRETS
-			// always takes precedence over what's specified
-			// in the config file, to allow overriding it in
-			// case the config file is read-only.
-			let ignore_perms = {
-				let ignore_perms_env = std::env::var("GARAGE_ALLOW_WORLD_READABLE_SECRETS");
-				if ignore_perms_env.as_deref() == Ok("true") {
-					true
-				} else if ignore_perms_env.as_deref() == Ok("false") {
-					false
-				} else {
-					conf_allow_world_readable
-				}
-			};
-			if !ignore_perms {
-				use std::os::unix::fs::MetadataExt;
-				let metadata = std::fs::metadata(file_path)?;
-				if metadata.mode() & 0o077 != 0 {
-					return Err(format!("File {} is world-readable! (mode: 0{:o}, expected 0600)\nRefusing to start until this is fixed, or environment variable GARAGE_ALLOW_WORLD_READABLE_SECRETS is set to true.", file_path, metadata.mode()).into());
-				}
-			}
-			let mut file = std::fs::OpenOptions::new().read(true).open(file_path)?;
-			let mut secret_buf = String::new();
-			file.read_to_string(&mut secret_buf)?;
-			// trim_end: allows for use case such as `echo "$(openssl rand -hex 32)" > somefile`.
-			//           also editors sometimes add a trailing newline
-			*secret = Some(String::from(secret_buf.trim_end()));
-		}
-	}
-	Ok(())
-}
-
 fn default_compression() -> Option<i32> {
 	Some(1)
 }
@@ -439,117 +346,4 @@ mod tests {
 
 		Ok(())
 	}
-
-	#[test]
-	fn test_rpc_secret_file_works() -> Result<(), Error> {
-		let path_secret = mktemp::Temp::new_file()?;
-		let mut file_secret = File::create(path_secret.as_path())?;
-		writeln!(file_secret, "foo")?;
-		drop(file_secret);
-
-		let path_config = mktemp::Temp::new_file()?;
-		let mut file_config = File::create(path_config.as_path())?;
-		let path_secret_path = path_secret.as_path();
-		writeln!(
-			file_config,
-			r#"
-			metadata_dir = "/tmp/garage/meta"
-			data_dir = "/tmp/garage/data"
-			replication_mode = "3"
-			rpc_bind_addr = "[::]:3901"
-			rpc_secret_file = "{}"
-
-			[s3_api]
-			s3_region = "garage"
-			api_bind_addr = "[::]:3900"
-			"#,
-			path_secret_path.display()
-		)?;
-
-		// Second configuration file, same as previous one
-		// except it allows world-readable secrets.
-		let path_config_allow_world_readable = mktemp::Temp::new_file()?;
-		let mut file_config_allow_world_readable =
-			File::create(path_config_allow_world_readable.as_path())?;
-		writeln!(
-			file_config_allow_world_readable,
-			r#"
-			metadata_dir = "/tmp/garage/meta"
-			data_dir = "/tmp/garage/data"
-			replication_mode = "3"
-			rpc_bind_addr = "[::]:3901"
-			rpc_secret_file = "{}"
-                        allow_world_readable_secrets = true
-
-			[s3_api]
-			s3_region = "garage"
-			api_bind_addr = "[::]:3900"
-			"#,
-			path_secret_path.display()
-		)?;
-
-		let mut config = super::read_config(path_config.to_path_buf())?;
-		assert_eq!("foo", config.rpc_secret.unwrap());
-		#[cfg(unix)]
-		{
-			// Check non world-readable secrets config
-			use std::os::unix::fs::PermissionsExt;
-			let metadata = std::fs::metadata(&path_secret_path)?;
-			let mut perm = metadata.permissions();
-			perm.set_mode(0o660);
-			std::fs::set_permissions(&path_secret_path, perm)?;
-
-			std::env::set_var("GARAGE_ALLOW_WORLD_READABLE_SECRETS", "false");
-			assert!(super::read_config(path_config.to_path_buf()).is_err());
-
-			std::env::set_var("GARAGE_ALLOW_WORLD_READABLE_SECRETS", "true");
-			assert!(super::read_config(path_config.to_path_buf()).is_ok());
-
-			std::env::remove_var("GARAGE_ALLOW_WORLD_READABLE_SECRETS");
-
-			// Check world-readable secrets config.
-			assert!(super::read_config(path_config_allow_world_readable.to_path_buf()).is_ok());
-
-			std::env::set_var("GARAGE_ALLOW_WORLD_READABLE_SECRETS", "false");
-			assert!(super::read_config(path_config_allow_world_readable.to_path_buf()).is_err());
-
-			std::env::set_var("GARAGE_ALLOW_WORLD_READABLE_SECRETS", "true");
-			assert!(super::read_config(path_config_allow_world_readable.to_path_buf()).is_ok());
-		}
-		std::env::remove_var("GARAGE_ALLOW_WORLD_READABLE_SECRETS");
-		drop(path_config);
-		drop(path_secret);
-		drop(file_config);
-		Ok(())
-	}
-
-	#[test]
-	fn test_rcp_secret_and_rpc_secret_file_cannot_be_set_both() -> Result<(), Error> {
-		let path_config = mktemp::Temp::new_file()?;
-		let mut file_config = File::create(path_config.as_path())?;
-		writeln!(
-			file_config,
-			r#"
-			metadata_dir = "/tmp/garage/meta"
-			data_dir = "/tmp/garage/data"
-			replication_mode = "3"
-			rpc_bind_addr = "[::]:3901"
-			rpc_secret= "dummy"
-			rpc_secret_file = "dummy"
-
-			[s3_api]
-			s3_region = "garage"
-			api_bind_addr = "[::]:3900"
-			"#
-		)?;
-		assert_eq!(
-			"only one of `rpc_secret` and `rpc_secret_file` can be set",
-			super::read_config(path_config.to_path_buf())
-				.unwrap_err()
-				.to_string()
-		);
-		drop(path_config);
-		drop(file_config);
-		Ok(())
-	}
 }