🚀 Feature: Enable use of Docker Secrets #150

Closed
opened 2025-10-07 23:55:22 +03:00 by OVERLORD · 2 comments

Originally created by @crazytimmy on GitHub.

Originally assigned to: @ItalyPaleAle on GitHub.

Feature description

I couldn't find any reference in the documentation for using docker secrets for sensitive information (Maxmind key, smtp password). I hope I'm not missing it.

Pitch

Most other apps I deploy with Docker I can change the environment variable to XXX_FILE=<secretsname>. I think it would be a good feature to support. Ideally it would support this for all environment variables just because? but at the very least sensitive information.

MAXMIND_LICENSE_KEY_FILE=/run/secrets/<secretname>
SMTP_PASSWORD_FILE=/run/secrets/<secretname>

@ItalyPaleAle commented on GitHub:

#799 will allow this!


@ItalyPaleAle commented on GitHub:

I think this is a very good idea. In fact, in #682 I have added a `_FILE` variant for the env var passing the key encryption key.

This is not just about Docker secrets. In general, storing secrets in env vars is not always a good idea since they can be exposed. Some more context here: https://security.stackexchange.com/questions/197784/is-it-unsafe-to-use-environmental-variables-for-secret-data

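The `XXX_FILE` convention discussed in this thread, sketched as an added example (not Pocket ID's own code, and not what #799 or #682 implement). The function name `resolveSecret`, the injected `lookup` parameter, and the choices to reject "both set" and empty secret files are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// resolveSecret (hypothetical helper) returns the value configured for name,
// taken either from the variable itself or from the file named by name+"_FILE",
// for example a Docker secret mounted under /run/secrets.
// lookup is injected so callers can pass os.LookupEnv and tests can pass a map.
func resolveSecret(name string, lookup func(string) (string, bool)) (string, error) {
	direct, hasDirect := lookup(name)
	path, hasFile := lookup(name + "_FILE")
	switch {
	case hasDirect && hasFile:
		// Ambiguous configuration: refuse rather than silently pick one source.
		return "", fmt.Errorf("%s and %s_FILE are both set", name, name)
	case hasFile:
		raw, err := os.ReadFile(path)
		if err != nil {
			return "", fmt.Errorf("reading %s_FILE: %w", name, err)
		}
		// Secret files often end with a newline that is not part of the secret.
		val := strings.TrimRight(string(raw), "\r\n")
		if val == "" {
			return "", errors.New(name + "_FILE points to an empty file")
		}
		return val, nil
	case hasDirect:
		return direct, nil
	}
	return "", nil // neither form is configured
}

func main() {
	// Constructed sample: a temp file stands in for /run/secrets/<secretname>.
	f, _ := os.CreateTemp("", "secret")
	defer os.Remove(f.Name())
	f.WriteString("s3cr3t-constructed\n")
	f.Close()
	env := map[string]string{"SMTP_PASSWORD_FILE": f.Name()}
	lookup := func(k string) (string, bool) { v, ok := env[k]; return v, ok }
	v, err := resolveSecret("SMTP_PASSWORD", lookup)
	fmt.Printf("%q %v\n", v, err)
}
```
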
Reference: starred/pocket-id-pocket-id-1#150