[
https://issues.apache.org/jira/browse/KARAF-6733?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alex Soto updated KARAF-6733:
-----------------------------
Description:
Currently, I can have the following in a configuration file:
org.ops4j.pax.web.ssl.password={color:#2a00ff}${env:MYPASSWORD}{color}
And, as the documentation states:
{quote}Environment variables can be referenced inside configuration files using
the syntax {{$\{env:<name>}}} (e.g. {{property=$\{env:FOO}}} will set
"property" to the value of the enviroment variable "FOO").
{quote}
Karaf will use the value from the environment variable. It's all good, but...
When used with Docker secrets, this forces you to copy the secret from the
default location "/run/secrets/" to an environment variable.
This is a proposal to add a Karaf mechanism to inject values from files in
config files. For example:
org.ops4j.pax.web.ssl.password={color:#2a00ff}${[file:/run/secrets/mypassword|file:///run/secrets/mypassword]}{color}
So, when Karaf’s see the prefix _$[file:_|file:///_] it will get the content
of the file and use it as the value of the configuration key.
This way:
1) I don’t have to write a complex script to copy the secret into the
environment variable, and
2) the secret is only in one place.
(prefix "file" is just for illustration, it can be something else)
See discussion here:
[http://karaf.922171.n3.nabble.com/Using-Docker-Secrets-in-Karaf-Configuration-td4058215.html]
was:
Currently, I can have the following in a configuration file:
org.ops4j.pax.web.ssl.password={color:#2a00ff}${env:MYPASSWORD}{color}
And, as the documentation states:
{quote}Environment variables can be referenced inside configuration files using
the syntax {{${env:<name>}}} (e.g. {{property=${env:FOO}}} will set "property"
to the value of the enviroment variable "FOO"). {quote}
Karaf will use the value from the environment variable. It's all good, but...
When used with Docker secrets, this forces you to copy the secret from the
default location "/run/secrets/" to an environment variable.
This is a proposal to add a Karaf mechanism to inject values from files in
config files. For example:
org.ops4j.pax.web.ssl.password={color:#2a00ff}${file:/run/secrets/mypassword}{color}
So, when Karaf’s see the prefix _$file:_ it will get the content of the file
and use it as the value of the configuration key.
This way:
1) I don’t have to write a complex script to copy the secret into the
environment variable, and
2) the secret is only in one place.
(prefix "file" is just for illustration, it can be something else)
> Inject values from files in config files
> -----------------------------------------
>
> Key: KARAF-6733
> URL: https://issues.apache.org/jira/browse/KARAF-6733
> Project: Karaf
> Issue Type: Improvement
> Components: karaf
> Affects Versions: 4.2.8
> Reporter: Alex Soto
> Priority: Minor
>
> Currently, I can have the following in a configuration file:
>
> org.ops4j.pax.web.ssl.password={color:#2a00ff}${env:MYPASSWORD}{color}
>
> And, as the documentation states:
> {quote}Environment variables can be referenced inside configuration files
> using the syntax {{$\{env:<name>}}} (e.g. {{property=$\{env:FOO}}} will set
> "property" to the value of the enviroment variable "FOO").
> {quote}
>
> Karaf will use the value from the environment variable. It's all good,
> but...
>
> When used with Docker secrets, this forces you to copy the secret from the
> default location "/run/secrets/" to an environment variable.
>
> This is a proposal to add a Karaf mechanism to inject values from files in
> config files. For example:
>
>
> org.ops4j.pax.web.ssl.password={color:#2a00ff}${[file:/run/secrets/mypassword|file:///run/secrets/mypassword]}{color}
>
> So, when Karaf’s see the prefix _$[file:_|file:///_] it will get the
> content of the file and use it as the value of the configuration key.
>
> This way:
>
> 1) I don’t have to write a complex script to copy the secret into the
> environment variable, and
> 2) the secret is only in one place.
>
>
> (prefix "file" is just for illustration, it can be something else)
>
> See discussion here:
> [http://karaf.922171.n3.nabble.com/Using-Docker-Secrets-in-Karaf-Configuration-td4058215.html]
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
