-
-
Notifications
You must be signed in to change notification settings - Fork 12.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
pumpio service: don't keep secrets in nix store
Added extra config options to allow reading passwords from file rather than the world-readable nix store. The full config.json file is created at service startup. Relevant to #18881
- Loading branch information
Showing
2 changed files
with
157 additions
and
78 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
var fs = require('fs'); | ||
|
||
var opts = JSON.parse(fs.readFileSync("/dev/stdin").toString()); | ||
var config = opts.config; | ||
|
||
var readSecret = function(filename) { | ||
return fs.readFileSync(filename).toString().trim(); | ||
}; | ||
|
||
if (opts.secretFile) { | ||
config.secret = readSecret(opts.secretFile); | ||
} | ||
if (opts.dbPasswordFile) { | ||
config.params.dbpass = readSecret(opts.dbPasswordFile); | ||
} | ||
if (opts.smtpPasswordFile) { | ||
config.smtppass = readSecret(opts.smtpPasswordFile); | ||
} | ||
if (opts.spamClientSecretFile) { | ||
config.spamclientsecret = readSecret(opts.opts.spamClientSecretFile); | ||
} | ||
|
||
fs.writeFileSync(opts.outputFile, JSON.stringify(config)); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters