[fix] set sensitive fields as 'password'

tidalf · Feb 13, 2021 · 97d9864 · 97d9864
1 parent 5bf8c77
commit 97d9864
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -42,7 +42,7 @@ auto_provision: true
 ```
 - If you don't use unsafe auto unseal (it stores a token), you can specify a provisioning token (make it short lived)
 ````
-provision_token: a_token
+provision_token_password: a_token
 ````
 
 - You can create a default user with an admin policy attached like that: 
@@ -115,7 +115,7 @@ vault operator unseal $(decrypt $1)
 vault login $(decrypt $2)
 vault token create -ttl=2h
 
-echo "copy this token in the setting \"provision_token:\""
+echo "copy this token in the setting \"provision_token_password:\""
 echo "and set unsafe_downgrade: true"
 echo "then restart the addon, press enter when done"
 

diff --git a/config.json b/config.json
@@ -37,17 +37,17 @@
     "raft_path": "str",
     "node_id": "str",
     "vault_admin_user": "str?",
-    "vault_admin_password": "str?",
+    "vault_admin_password": "password?",
     "disable_tls": "bool",
     "aws_unseal": "bool?",
     "aws_unseal_downgrade": "bool?",
     "unsafe_downgrade": "bool?",
     "auto_provision": "bool",
-    "provision_token": "str?",
+    "provision_token_password": "password?",
     "vault_local_config": "str?",
     "aws_region": "str?",
     "aws_access_key": "str?",
-    "aws_secret_key": "str?",
+    "aws_secret_key_password": "password?",
     "aws_kms_key_id": "str?"
   },
   "arch": ["amd64", "armhf", "i386" , "aarch64"],

diff --git a/rootfs/usr/bin/init.sh b/rootfs/usr/bin/init.sh
@@ -8,7 +8,7 @@ VAULT_ADMIN_USER="$(bashio::config 'vault_admin_user')"
 VAULT_ADMIN_PASSWORD="$(bashio::config 'vault_admin_password')"
 CREATE_ADMIN_USER="$(bashio::config 'create_admin_user')"
 AUTO_PROVISION="$(bashio::config 'auto_provision')"
-PROVISION_TOKEN="$(bashio::config 'provision_token')"
+PROVISION_TOKEN="$(bashio::config 'provision_token_password')"
 PGP_KEYS="$(bashio::config 'pgp_keys')"
 UNSAFE_DOWNGRADE="$(bashio::config 'unsafe_downgrade')"
 AWS_UNSEAL_DOWNGRADE="$(bashio::config 'aws_unseal_downgrade')"

diff --git a/vault.hcl.template b/vault.hcl.template
@@ -13,9 +13,9 @@ storage "raft" {
 seal "awskms" {
   region     = "{{ .aws_region }}"
   access_key = "{{ .aws_access_key }}"
-  secret_key = "{{ .aws_secret_key }}"
+  secret_key = "{{ .aws_secret_key_password }}"
   kms_key_id = "{{ .aws_kms_key_id }}"
   disabled = {{if eq .aws_unseal true}} false {{else}} true {{end}}
 }
 {{end}}
-ui = true
+ui = true