Secrets can be passed directly in config, as file, or as env #499
3 changed files with 11 additions and 10 deletions
|
@ -269,7 +269,7 @@ communicate together. The RPC secret is a 32-byte hex-encoded random string,
|
|||
which can be generated with a command such as `openssl rand -hex 32`.
|
||||
|
||||
The RPC secret should be specified in the `rpc_secret` configuration variable.
|
||||
Since Garage v0.8.2, the RPC secret can also be stored in a file whose path is
|
||||
Since Garage `v0.8.2`, the RPC secret can also be stored in a file whose path is
|
||||
given in the configuration variable `rpc_secret_file`, or specified as an
|
||||
environment variable `GARAGE_RPC_SECRET`.
|
||||
|
||||
|
@ -420,8 +420,8 @@ Metrics endpoint can be accessed without access control.
|
|||
|
||||
You can use any random string for this value. We recommend generating a random token with `openssl rand -hex 32`.
|
||||
|
||||
`metrics_token` was introduced in Garage version 0.7.2.
|
||||
`metrics_token_file` and the `GARAGE_METRICS_TOKEN` environment variable are supported since Garage version 0.8.2.
|
||||
`metrics_token` was introduced in Garage `v0.7.2`.
|
||||
|
||||
`metrics_token_file` and the `GARAGE_METRICS_TOKEN` environment variable are supported since Garage `v0.8.2`.
|
||||
|
||||
|
||||
### `admin_token`, `admin_token_file` or `GARAGE_ADMIN_TOKEN` (env)
|
||||
|
@ -431,8 +431,8 @@ token is not set, access to these endpoints is disabled entirely.
|
|||
|
||||
You can use any random string for this value. We recommend generating a random token with `openssl rand -hex 32`.
|
||||
|
||||
`admin_token` was introduced in Garage version 0.7.2.
|
||||
`admin_token_file` and the `GARAGE_ADMIN_TOKEN` environment variable are supported since Garage version 0.8.2.
|
||||
`admin_token` was introduced in Garage `v0.7.2`.
|
||||
`admin_token_file` and the `GARAGE_ADMIN_TOKEN` environment variable are supported since Garage `v0.8.2`.
|
||||
|
||||
|
||||
### `trace_sink`
|
||||
|
|
|
@ -65,7 +65,8 @@ struct Opt {
|
|||
|
||||
#[derive(StructOpt, Debug)]
|
||||
pub struct Secrets {
|
||||
/// RPC secret network key, used to replace rpc_secret in config.toml when running the daemon or doing admin operations
|
||||
/// RPC secret network key, used to replace rpc_secret in config.toml when running the
|
||||
lx
commented
split comment
|
||||
/// daemon or doing admin operations
|
||||
#[structopt(short = "s", long = "rpc-secret", env = "GARAGE_RPC_SECRET")]
|
||||
pub rpc_secret: Option<String>,
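Review bot: The reflowed doc comment on `rpc_secret` is also the `--help` text for `-s`/`--rpc-secret`, and it does not tell operators that a secret given as a command-line argument is visible to other local users through the process list. I would add a line such as `/// Prefer GARAGE_RPC_SECRET or rpc_secret_file: command-line arguments show up in the process list.` Separately, with `env = "GARAGE_RPC_SECRET"` on the attribute the generated help may print the variable's current value. If the structopt/clap version pinned here supports it, `hide_env_values = true` would avoid that, but this needs confirming against the lockfile. The `Secrets` struct continues outside the hunk.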
|
||||
|
||||
|
|
|
@ -190,17 +190,17 @@ pub fn read_config(config_file: PathBuf) -> Result<Config, Error> {
|
|||
|
||||
secret_from_file(
|
||||
&mut parsed_config.rpc_secret,
|
||||
&mut parsed_config.rpc_secret_file,
|
||||
&parsed_config.rpc_secret_file,
|
||||
lx
commented
second argument not mut
|
||||
"rpc_secret",
|
||||
)?;
|
||||
secret_from_file(
|
||||
&mut parsed_config.admin.metrics_token,
|
||||
&mut parsed_config.admin.metrics_token_file,
|
||||
&parsed_config.admin.metrics_token_file,
|
||||
"admin.metrics_token",
|
||||
)?;
|
||||
secret_from_file(
|
||||
&mut parsed_config.admin.admin_token,
|
||||
&mut parsed_config.admin.admin_token_file,
|
||||
&parsed_config.admin.admin_token_file,
|
||||
"admin.admin_token",
|
||||
)?;
|
||||
|
||||
|
@ -209,7 +209,7 @@ pub fn read_config(config_file: PathBuf) -> Result<Config, Error> {
|
|||
|
||||
fn secret_from_file(
|
||||
secret: &mut Option<String>,
|
||||
secret_file: &mut Option<String>,
|
||||
secret_file: &Option<String>,
|
||||
name: &'static str,
|
||||
) -> Result<(), Error> {
|
||||
match (&secret, &secret_file) {
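Review bot: `secret_from_file` has no doc comment, and the `match (&secret, &secret_file)` at the end of the second hunk is where the case of both the inline value and the file being set is decided, which is the behaviour operators most need spelled out. I would add a `///` comment stating that the function fills `secret` from the file named by `secret_file`, what it returns when both are set, and that `name` is the config key used in the error. The function body continues outside the hunk, so I cannot tell whether the file's permissions are checked or trailing whitespace is trimmed before the value is stored; whichever holds should be written into the same comment. As a smaller style point on the new signature, `Option<&String>` (passing `.as_ref()` at the three call sites in `read_config`) is the more usual shape than `&Option<String>`.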
|
||||
|
|