From 486ae93a2afa637799e0c43d732a162a502a2fac Mon Sep 17 00:00:00 2001
From: Benedikt Ritter
Date: Fri, 4 Oct 2024 15:41:50 +0200
Subject: [PATCH] Add possibility to pass secrets via files

Resolves #30
---
 README.md | 8 +++++++-
 main.go | 25 ++++++++++++++++++++++---
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 3deb949..f1eeb1e 100644
--- a/README.md
+++ b/README.md
@@ -126,6 +126,12 @@ like `::1234:5678:90ab:cdef` to `::1:1234:5678:90ab:cdef`
 |---------------------------|-------------------------------------------------|
 | DEVICE_LOCAL_ADDRESS_IPV6 | required, enter the local part of the device IP |
+## Secrets
+
+Each secret can be passed either as an environment variable directly, or via a file.
+In order to pass a secret via a file, append `_FILE` to the respective environment variable name and configure it to point to the file containing the secret.
+For example in order to pass the Cloudflare API token via a file, configure an environment variable with name `CLOUDFLARE_API_TOKEN_FILE` with the absolute path to a file containing the secret.
+
 ## Docker compose setup
 Here is an example `docker-compose.yml` with all features activated:
@@ -188,4 +194,4 @@ trigger it by calling `http://127.0.0.1:8888/ip?v4=127.0.0.1&v6=::1` and review
 ## History & Credit
-Most of the credit goes to [@adrianrudnik](https://github.com/adrianrudnik), who wrote and maintained the software for years. Meanwhile I stepped in at a later point when the repository was transferred to me to continue its basic maintenance should it be required.
\ No newline at end of file
+Most of the credit goes to [@adrianrudnik](https://github.com/adrianrudnik), who wrote and maintained the software for years. Meanwhile I stepped in at a later point when the repository was transferred to me to continue its basic maintenance should it be required.
diff --git a/main.go b/main.go
index b6082fb..6fd12e1 100644
--- a/main.go
+++ b/main.go
@@ -100,9 +100,9 @@ func newFritzBox() *avm.FritzBox {
 func newUpdater() *cloudflare.Updater {
 u := cloudflare.NewUpdater(slog.Default())
- token := os.Getenv("CLOUDFLARE_API_TOKEN")
+ token := readSecret("CLOUDFLARE_API_TOKEN")
 email := os.Getenv("CLOUDFLARE_API_EMAIL")
- key := os.Getenv("CLOUDFLARE_API_KEY")
+ key := readSecret("CLOUDFLARE_API_KEY")
 if token == "" {
 if email == "" || key == "" {
@@ -155,7 +155,7 @@ func startPushServer(out chan<- *net.IP, localIp *net.IP, cancel context.CancelC
 server := dyndns.NewServer(out, localIp, slog.Default())
 server.Username = os.Getenv("DYNDNS_SERVER_USERNAME")
- server.Password = os.Getenv("DYNDNS_SERVER_PASSWORD")
+ server.Password = readSecret("DYNDNS_SERVER_PASSWORD")
 s := &http.Server{
 Addr: bind,
@@ -272,3 +272,22 @@ func startPollServer(out chan<- *net.IP, localIp *net.IP) {
 }
 }()
 }
+
+func readSecret(envName string) string {
+ password := os.Getenv(envName)
+
+ if password != "" {
+ return password
+ }
+
+ passwordFilePath := os.Getenv(envName + "_FILE")
+ if passwordFilePath != "" {
+ content, err := os.ReadFile(passwordFilePath)
+ if err != nil {
+ slog.Error("Failed to read DynDns server password from file", logging.ErrorAttr(err))
+ } else {
+ password = string(content)
+ }
+ }
+ return password
+}
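Review bot: In startPushServer, `server.Password = readSecret("DYNDNS_SERVER_PASSWORD")` ends up as an empty string when `DYNDNS_SERVER_PASSWORD_FILE` is set but the file cannot be read, because readSecret only logs the error and returns what it has. How the dyndns server treats an empty password is not visible in this hunk; if empty means "no authentication", a wrong path or file mode would leave the push endpoint unprotected after a single log line. I would treat that case as a fatal configuration error, guarding with `if os.Getenv("DYNDNS_SERVER_PASSWORD_FILE") != "" && server.Password == "" {` and stopping the same way the function reports its other startup failures. The body of startPushServer starts and ends outside the hunk.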
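Review bot: readSecret returns the file content verbatim (`password = string(content)`), so a trailing newline, which editors and `echo` normally leave at the end of a file, becomes part of the Cloudflare token, API key or DynDNS password, and the value no longer matches what the same secret yields through the plain environment variable. The error message is also hard-coded to "Failed to read DynDns server password from file" although the helper now serves `CLOUDFLARE_API_TOKEN` and `CLOUDFLARE_API_KEY` as well (first main.go hunk), so a failed token read is reported as a password problem. I would strip trailing line endings, name the variable in the log entry, and add a doc comment stating that the plain variable takes precedence over `_FILE`. The version below needs `strings` in main.go's imports if it is not already there.

```go
// readSecret returns the value of the environment variable envName. If that
// is empty, it returns the contents of the file named by envName+"_FILE"
// with trailing line endings removed. The plain variable takes precedence
// when both are set. It returns "" when neither yields a value.
func readSecret(envName string) string {
	if value := os.Getenv(envName); value != "" {
		return value
	}

	fileVar := envName + "_FILE"
	path := os.Getenv(fileVar)
	if path == "" {
		return ""
	}

	content, err := os.ReadFile(path)
	if err != nil {
		slog.Error("Failed to read secret from file", slog.String("variable", fileVar), logging.ErrorAttr(err))
		return ""
	}

	// The line ending at the end of the file is not part of the secret.
	return strings.TrimRight(string(content), "\r\n")
}
```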