authornetworkException <git@nwex.de>2023-10-19 03:39:02 +0200
committernetworkException <git@nwex.de>2023-10-19 03:39:02 +0200
commit8599051c492d7df22305e4c65659395d9102955c (patch)
treed5ddd8db2363557c971c775c8ecbaa4c7e24075e /src/garage/main.rs
parent4a19ee94bb9c846af1c74db8ba501b4ff625a3f6 (diff)
garage: support specifying token / secret as environment variables
this patch adds support for specifying the `rpc_secret_file`, `metrics_token_file` and `admin_token_file` as environment variables.
Diffstat (limited to 'src/garage/main.rs')
-rw-r--r--src/garage/main.rs30
1 files changed, 27 insertions, 3 deletions
diff --git a/src/garage/main.rs b/src/garage/main.rs
index 09e77b35..ab84fa11 100644
--- a/src/garage/main.rs
+++ b/src/garage/main.rs
@@ -25,7 +25,7 @@ use structopt::StructOpt;
use netapp::util::parse_and_resolve_peer_addr;
use netapp::NetworkKey;
-use garage_util::config::Config;
+use garage_util::config::{read_secret_file, Config};
use garage_util::error::*;
use garage_rpc::system::*;
@@ -70,15 +70,30 @@ pub struct Secrets {
#[structopt(short = "s", long = "rpc-secret", env = "GARAGE_RPC_SECRET")]
pub rpc_secret: Option<String>,
+ /// RPC secret network key, used to replace rpc_secret in config.toml and rpc-secret
+ /// when running the daemon or doing admin operations
+ #[structopt(long = "rpc-secret-file", env = "GARAGE_RPC_SECRET_FILE")]
+ pub rpc_secret_file: Option<String>,
+
/// Admin API authentication token, replaces admin.admin_token in config.toml when
/// running the Garage daemon
#[structopt(long = "admin-token", env = "GARAGE_ADMIN_TOKEN")]
pub admin_token: Option<String>,
+ /// Admin API authentication token file path, replaces admin.admin_token in config.toml
+ /// and admin-token when running the Garage daemon
+ #[structopt(long = "admin-token-file", env = "GARAGE_ADMIN_TOKEN_FILE")]
+ pub admin_token_file: Option<String>,
+
/// Metrics API authentication token, replaces admin.metrics_token in config.toml when
/// running the Garage daemon
#[structopt(long = "metrics-token", env = "GARAGE_METRICS_TOKEN")]
pub metrics_token: Option<String>,
+
+ /// Metrics API authentication token file path, replaces admin.metrics_token in config.toml
+ /// and metrics-token when running the Garage daemon
+ #[structopt(long = "metrics-token-file", env = "GARAGE_METRICS_TOKEN_FILE")]
+ pub metrics_token_file: Option<String>,
}
#[tokio::main]
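Review bot: The doc comments on the new `*_file` fields disagree with what `fill_secrets` does later in this diff. They say the file replaces `admin-token` / `metrics-token` / `rpc-secret`, but the inline value wins and the file is only read when the inline option is absent. The `rpc_secret_file` comment also describes the key itself rather than a path to a file holding it. I would reword each along the lines of `/// Path to a file containing the RPC secret, replaces rpc_secret in config.toml; ignored when rpc-secret is also given`. The `Secrets` struct starts above this hunk, so only the added fields are covered here.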
@@ -256,15 +271,24 @@ async fn cli_command(opt: Opt) -> Result<(), Error> {
}
}
-fn fill_secrets(mut config: Config, secrets: Secrets) -> Config {
+fn fill_secrets(mut config: Config, secrets: Secrets) -> Result<Config, Error> {
if secrets.rpc_secret.is_some() {
config.rpc_secret = secrets.rpc_secret;
+ } else if secrets.rpc_secret_file.is_some() {
+ config.rpc_secret = Some(read_secret_file(&secrets.rpc_secret_file.unwrap())?);
}
+
if secrets.admin_token.is_some() {
config.admin.admin_token = secrets.admin_token;
+ } else if secrets.admin_token_file.is_some() {
+ config.admin.admin_token = Some(read_secret_file(&secrets.admin_token_file.unwrap())?);
}
+
if secrets.metrics_token.is_some() {
config.admin.metrics_token = secrets.metrics_token;
+ } else if secrets.metrics_token_file.is_some() {
+ config.admin.metrics_token = Some(read_secret_file(&secrets.metrics_token_file.unwrap())?);
}
- config
+
+ Ok(config)
}
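Review bot: When both the inline value and the `*_file` option are supplied, the `else if` branches in `fill_secrets` silently ignore the file, for all three pairs. An operator who switches to `GARAGE_RPC_SECRET_FILE` while a stale `GARAGE_RPC_SECRET` is still exported keeps running with the old secret and gets no signal. Since the function now returns `Result`, I would reject that combination with an `Err` (or at least log a warning) instead of picking one. The `is_some()` / `unwrap()` pairs also read better as `} else if let Some(path) = secrets.rpc_secret_file {` followed by `config.rpc_secret = Some(read_secret_file(&path)?);`. `read_secret_file` is not visible in this diff, so it is worth confirming that it refuses group- or world-readable files and strips a trailing newline before the value is used as a key or token.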