Add possibility to pass secrets via files
Resolves #30
britter committed Oct 4, 2024
1 parent 4dfeaa3 commit 486ae93
Showing 2 changed files with 29 additions and 4 deletions.
8 changes: 7 additions & 1 deletion README.md
Expand Up @@ -126,6 +126,12 @@ like `::1234:5678:90ab:cdef` to `::1:1234:5678:90ab:cdef`
|---------------------------|-------------------------------------------------|
| DEVICE_LOCAL_ADDRESS_IPV6 | required, enter the local part of the device IP |

## Secrets

Each secret can be passed either as an environment variable directly, or via a file.
In order to pass a secret via a file, append `_FILE` to the respective environment variable name and configure it to point to the file containing the secret.
For example in order to pass the Cloudflare API token via a file, configure an environment variable with name `CLOUDFLARE_API_TOKEN_FILE` with the absolute path to a file containing the secret.

## Docker compose setup

Here is an example `docker-compose.yml` with all features activated:
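Review bot: The new "Secrets" section says "Each secret" without listing which variables accept the `_FILE` suffix or what happens when both the plain variable and its `_FILE` variant are set. In main.go only `CLOUDFLARE_API_TOKEN`, `CLOUDFLARE_API_KEY` and `DYNDNS_SERVER_PASSWORD` go through `readSecret`, and the plain variable takes precedence when it is non-empty. Please name those three variables here and state that precedence, so a user who sets both does not wonder which value is in effect.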
Expand Down Expand Up @@ -188,4 +194,4 @@ trigger it by calling `http://127.0.0.1:8888/ip?v4=127.0.0.1&v6=::1` and review

## History & Credit

Most of the credit goes to [@adrianrudnik](https://github.com/adrianrudnik), who wrote and maintained the software for years. Meanwhile I stepped in at a later point when the repository was transferred to me to continue its basic maintenance should it be required.
Most of the credit goes to [@adrianrudnik](https://github.com/adrianrudnik), who wrote and maintained the software for years. Meanwhile I stepped in at a later point when the repository was transferred to me to continue its basic maintenance should it be required.
25 changes: 22 additions & 3 deletions main.go
Expand Up @@ -100,9 +100,9 @@ func newFritzBox() *avm.FritzBox {
func newUpdater() *cloudflare.Updater {
u := cloudflare.NewUpdater(slog.Default())

token := os.Getenv("CLOUDFLARE_API_TOKEN")
token := readSecret("CLOUDFLARE_API_TOKEN")
email := os.Getenv("CLOUDFLARE_API_EMAIL")
key := os.Getenv("CLOUDFLARE_API_KEY")
key := readSecret("CLOUDFLARE_API_KEY")

if token == "" {
if email == "" || key == "" {
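Review bot: At `token := readSecret("CLOUDFLARE_API_TOKEN")`, a failed file read is indistinguishable from "not configured". `readSecret` logs the error and returns an empty string, so the `if token == ""` check below falls through to the email/key path as if no token had been set. A mistyped or unreadable `CLOUDFLARE_API_TOKEN_FILE` should stop startup with a clear message instead. Consider having `readSecret` return `(string, error)` and handling the error here.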
Expand Down Expand Up @@ -155,7 +155,7 @@ func startPushServer(out chan<- *net.IP, localIp *net.IP, cancel context.CancelC

server := dyndns.NewServer(out, localIp, slog.Default())
server.Username = os.Getenv("DYNDNS_SERVER_USERNAME")
server.Password = os.Getenv("DYNDNS_SERVER_PASSWORD")
server.Password = readSecret("DYNDNS_SERVER_PASSWORD")

s := &http.Server{
Addr: bind,
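Review bot: On `server.Password = readSecret("DYNDNS_SERVER_PASSWORD")`, an unreadable `DYNDNS_SERVER_PASSWORD_FILE` leaves `server.Password` as the empty string after only a log line. How `dyndns.NewServer` treats an empty password is not visible in this diff, so please confirm that it does not mean "no authentication required". If it does, the push server would start unprotected on a file permission or path error. Failing startup when the `_FILE` variable is set but the read fails would remove that risk.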
Expand Down Expand Up @@ -272,3 +272,22 @@ func startPollServer(out chan<- *net.IP, localIp *net.IP) {
}
}()
}

func readSecret(envName string) string {
password := os.Getenv(envName)

if password != "" {
return password
}

passwordFilePath := os.Getenv(envName + "_FILE")
if passwordFilePath != "" {
content, err := os.ReadFile(passwordFilePath)
if err != nil {
slog.Error("Failed to read DynDns server password from file", logging.ErrorAttr(err))
} else {
password = string(content)
}
}
return password
}
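Review bot: In `readSecret`, `password = string(content)` keeps any trailing newline from the file, and secret files written by an editor or `echo` normally end in one. The token, key or password would then carry a `\n` and fail to match or authenticate. Trim it, for example with `strings.TrimRight(string(content), "\r\n")`. Separately, the error message "Failed to read DynDns server password from file" is hard-coded although the function is also used for the Cloudflare token and key. Include `envName` in the log entry, and consider renaming the `password` locals to something generic.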
