Secrets can be passed directly in config, as file, or as env #499

Merged
lx merged 2 commits from config-files-env into main 2023-02-06 14:18:59 +00:00
3 changed files with 11 additions and 10 deletions
Showing only changes of commit 80e2326998 - Show all commits

View file

@ -269,7 +269,7 @@ communicate together. The RPC secret is a 32-byte hex-encoded random string,
which can be generated with a command such as `openssl rand -hex 32`.
The RPC secret should be specified in the `rpc_secret` configuration variable.
Since Garage v0.8.2, the RPC secret can also be stored in a file whose path is
Since Garage `v0.8.2`, the RPC secret can also be stored in a file whose path is
given in the configuration variable `rpc_secret_file`, or specified as an
environment variable `GARAGE_RPC_SECRET`.
@ -420,8 +420,8 @@ Metrics endpoint can be accessed without access control.
You can use any random string for this value. We recommend generating a random token with `openssl rand -hex 32`.
`metrics_token` was introduced in Garage version 0.7.2.
`metrics_token_file` and the `GARAGE_METRICS_TOKEN` environment variable are supported since Garage version 0.8.2.
`metrics_token` was introduced in Garage `v0.7.2`.
`metrics_token_file` and the `GARAGE_METRICS_TOKEN` environment variable are supported since Garage `v0.8.2`.
### `admin_token`, `admin_token_file` or `GARAGE_ADMIN_TOKEN` (env)
@ -431,8 +431,8 @@ token is not set, access to these endpoints is disabled entirely.
You can use any random string for this value. We recommend generating a random token with `openssl rand -hex 32`.
`admin_token` was introduced in Garage version 0.7.2.
`admin_token_file` and the `GARAGE_ADMIN_TOKEN` environment variable are supported since Garage version 0.8.2.
`admin_token` was introduced in Garage `v0.7.2`.
`admin_token_file` and the `GARAGE_ADMIN_TOKEN` environment variable are supported since Garage `v0.8.2`.
### `trace_sink`

View file

@ -65,7 +65,8 @@ struct Opt {
#[derive(StructOpt, Debug)]
pub struct Secrets {
/// RPC secret network key, used to replace rpc_secret in config.toml when running the daemon or doing admin operations
/// RPC secret network key, used to replace rpc_secret in config.toml when running the
/// daemon or doing admin operations
#[structopt(short = "s", long = "rpc-secret", env = "GARAGE_RPC_SECRET")]
pub rpc_secret: Option<String>,

View file

@ -190,17 +190,17 @@ pub fn read_config(config_file: PathBuf) -> Result<Config, Error> {
secret_from_file(
&mut parsed_config.rpc_secret,
&mut parsed_config.rpc_secret_file,
&parsed_config.rpc_secret_file,
"rpc_secret",
)?;
secret_from_file(
&mut parsed_config.admin.metrics_token,
&mut parsed_config.admin.metrics_token_file,
&parsed_config.admin.metrics_token_file,
"admin.metrics_token",
)?;
secret_from_file(
&mut parsed_config.admin.admin_token,
&mut parsed_config.admin.admin_token_file,
&parsed_config.admin.admin_token_file,
"admin.admin_token",
)?;
@ -209,7 +209,7 @@ pub fn read_config(config_file: PathBuf) -> Result<Config, Error> {
fn secret_from_file(
secret: &mut Option<String>,
secret_file: &mut Option<String>,
secret_file: &Option<String>,
name: &'static str,
) -> Result<(), Error> {
match (&secret, &secret_file) {