Secrets can be passed directly in config, as file, or as env #499
3 changed files with 11 additions and 10 deletions
|
@ -269,7 +269,7 @@ communicate together. The RPC secret is a 32-byte hex-encoded random string,
|
||||||
which can be generated with a command such as `openssl rand -hex 32`.
|
which can be generated with a command such as `openssl rand -hex 32`.
|
||||||
|
|
||||||
The RPC secret should be specified in the `rpc_secret` configuration variable.
|
The RPC secret should be specified in the `rpc_secret` configuration variable.
|
||||||
Since Garage v0.8.2, the RPC secret can also be stored in a file whose path is
|
Since Garage `v0.8.2`, the RPC secret can also be stored in a file whose path is
|
||||||
given in the configuration variable `rpc_secret_file`, or specified as an
|
given in the configuration variable `rpc_secret_file`, or specified as an
|
||||||
environment variable `GARAGE_RPC_SECRET`.
|
environment variable `GARAGE_RPC_SECRET`.
|
||||||
|
|
||||||
|
@ -420,8 +420,8 @@ Metrics endpoint can be accessed without access control.
|
||||||
|
|
||||||
You can use any random string for this value. We recommend generating a random token with `openssl rand -hex 32`.
|
You can use any random string for this value. We recommend generating a random token with `openssl rand -hex 32`.
|
||||||
|
|
||||||
`metrics_token` was introduced in Garage version 0.7.2.
|
`metrics_token` was introduced in Garage `v0.7.2`.
|
||||||
|
|||||||
`metrics_token_file` and the `GARAGE_METRICS_TOKEN` environment variable are supported since Garage version 0.8.2.
|
`metrics_token_file` and the `GARAGE_METRICS_TOKEN` environment variable are supported since Garage `v0.8.2`.
|
||||||
|
|
||||||
|
|
||||||
### `admin_token`, `admin_token_file` or `GARAGE_ADMIN_TOKEN` (env)
|
### `admin_token`, `admin_token_file` or `GARAGE_ADMIN_TOKEN` (env)
|
||||||
|
@ -431,8 +431,8 @@ token is not set, access to these endpoints is disabled entirely.
|
||||||
|
|
||||||
You can use any random string for this value. We recommend generating a random token with `openssl rand -hex 32`.
|
You can use any random string for this value. We recommend generating a random token with `openssl rand -hex 32`.
|
||||||
|
|
||||||
`admin_token` was introduced in Garage version 0.7.2.
|
`admin_token` was introduced in Garage `v0.7.2`.
|
||||||
`admin_token_file` and the `GARAGE_ADMIN_TOKEN` environment variable are supported since Garage version 0.8.2.
|
`admin_token_file` and the `GARAGE_ADMIN_TOKEN` environment variable are supported since Garage `v0.8.2`.
|
||||||
|
|
||||||
|
|
||||||
### `trace_sink`
|
### `trace_sink`
|
||||||
|
|
|
@ -65,7 +65,8 @@ struct Opt {
|
||||||
|
|
||||||
#[derive(StructOpt, Debug)]
|
#[derive(StructOpt, Debug)]
|
||||||
pub struct Secrets {
|
pub struct Secrets {
|
||||||
/// RPC secret network key, used to replace rpc_secret in config.toml when running the daemon or doing admin operations
|
/// RPC secret network key, used to replace rpc_secret in config.toml when running the
|
||||||
lx
commented
split comment split comment
|
|||||||
|
/// daemon or doing admin operations
|
||||||
#[structopt(short = "s", long = "rpc-secret", env = "GARAGE_RPC_SECRET")]
|
#[structopt(short = "s", long = "rpc-secret", env = "GARAGE_RPC_SECRET")]
|
||||||
pub rpc_secret: Option<String>,
|
pub rpc_secret: Option<String>,
|
||||||
|
|
||||||
|
|
|
@ -190,17 +190,17 @@ pub fn read_config(config_file: PathBuf) -> Result<Config, Error> {
|
||||||
|
|
||||||
secret_from_file(
|
secret_from_file(
|
||||||
&mut parsed_config.rpc_secret,
|
&mut parsed_config.rpc_secret,
|
||||||
&mut parsed_config.rpc_secret_file,
|
&parsed_config.rpc_secret_file,
|
||||||
lx
commented
second argument not mut second argument not mut
|
|||||||
"rpc_secret",
|
"rpc_secret",
|
||||||
)?;
|
)?;
|
||||||
secret_from_file(
|
secret_from_file(
|
||||||
&mut parsed_config.admin.metrics_token,
|
&mut parsed_config.admin.metrics_token,
|
||||||
&mut parsed_config.admin.metrics_token_file,
|
&parsed_config.admin.metrics_token_file,
|
||||||
"admin.metrics_token",
|
"admin.metrics_token",
|
||||||
)?;
|
)?;
|
||||||
secret_from_file(
|
secret_from_file(
|
||||||
&mut parsed_config.admin.admin_token,
|
&mut parsed_config.admin.admin_token,
|
||||||
&mut parsed_config.admin.admin_token_file,
|
&parsed_config.admin.admin_token_file,
|
||||||
"admin.admin_token",
|
"admin.admin_token",
|
||||||
)?;
|
)?;
|
||||||
|
|
||||||
|
@ -209,7 +209,7 @@ pub fn read_config(config_file: PathBuf) -> Result<Config, Error> {
|
||||||
|
|
||||||
fn secret_from_file(
|
fn secret_from_file(
|
||||||
secret: &mut Option<String>,
|
secret: &mut Option<String>,
|
||||||
secret_file: &mut Option<String>,
|
secret_file: &Option<String>,
|
||||||
name: &'static str,
|
name: &'static str,
|
||||||
) -> Result<(), Error> {
|
) -> Result<(), Error> {
|
||||||
match (&secret, &secret_file) {
|
match (&secret, &secret_file) {
|
||||||
|
|
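Review bot: The new parameter type `secret_file: &Option<String>` in `secret_from_file` would read more idiomatically as `secret_file: Option<&str>`, with the three call sites in `read_config` passing e.g. `parsed_config.rpc_secret_file.as_deref()`. Since the parameter is already a reference, `match (&secret, &secret_file)` now matches on references to references; `match (&*secret, secret_file)` says the same thing more directly. The function body continues past the end of the hunk, so whether the match arms would need adjusting is not visible here. No doc comment sits directly above `fn secret_from_file(` in the hunk, and because this helper decides where `rpc_secret`, `admin.metrics_token` and `admin.admin_token` are loaded from, a short `///` comment stating what happens when both the inline value and the `_file` variant are set would help operators and reviewers.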
v0.7.2