Docker Image not be able to read DB password from file #57
Comments
|
When I try to use
https://github.com/TeamSpeak-Systems/teamspeak-linux-docker-images/blob/master/alpine/entrypoint.sh#L40 <<< I don't know what is going wrong here but why, why the hell such a mess? Simply check for any variable with "_FILE", then use the cat cmd and store the vaule from "_FILE" in the corresponding variable. Means, when passwordfile contains "test" as db password for TS3SERVER_DB_PASSWORD_FILE, simply use cat and store that value in TS3SERVER_DB_PASSWORD instead of doing stuff like unset, which is definitly not needed here. Also take a look into the mariadb docker image, as it uses also "_FILE" variable and it works pleanty but not here, which is very, very bad. |
I am afraid that the mysql support isn't be able to read a given file out where the password is stored.
Instead of this I must place the password directly into my docker-compose.yml which I don't want at any time because this is a high security risk.
For what is there a folder called /run/secrets/ when it's not possible to use it? Could somebody tell it me pleas from the dev?
Even if I must mount these files manually, it has to be supported. THink over when I would have a setup with swarm where I can fully use secrets which would also stop every ts3 container from working while trying to connect to a database (mysql/mariadb) because even there the password isn't read out from the file. I assume here, that the secrets name is then interpreted as the password for it.
So your task is now to implement full functionallity to read out one-line-files which are storing the password (e. g. generated with openssl -base64 [...] command). It is much more save and if the password changes, you don't need to alter any files affected to this change, because only the file in the secret folder gets changed.
Note: MariaDB Docker supports this so definitly nothing which would be impossible ;)
The text was updated successfully, but these errors were encountered: