Allow passing in authentication client secret as an environment varia…

…ble (#311)

clients/go/admin/config.go

@@ -49,6 +49,7 @@ type Config struct {
 	DeprecatedUseAuth    bool     `json:"useAuth" pflag:",Deprecated: Auth will be enabled/disabled based on admin's dynamically discovered information."`
 	ClientID             string   `json:"clientId" pflag:",Client ID"`
 	ClientSecretLocation string   `json:"clientSecretLocation" pflag:",File containing the client secret"`
+	ClientSecretEnvVar   string   `json:"clientSecretEnvVar" pflag:",Environment variable containing the client secret"`
 	Scopes               []string `json:"scopes" pflag:",List of scopes to request"`
 
 	// There are two ways to get the token URL. If the authorization server url is provided, the client will try to use RFC 8414 to

clients/go/admin/token_source_provider.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"io/ioutil"
+	"os"
 	"strings"
 	"sync"
 	"time"
@@ -134,14 +135,19 @@ type ClientCredentialsTokenSourceProvider struct {
 
 func NewClientCredentialsTokenSourceProvider(ctx context.Context, cfg *Config,
 	clientMetadata *service.PublicClientAuthConfigResponse, tokenURL string) (TokenSourceProvider, error) {
-
-	secretBytes, err := ioutil.ReadFile(cfg.ClientSecretLocation)
-	if err != nil {
-		logger.Errorf(ctx, "Error reading secret from location %s", cfg.ClientSecretLocation)
-		return nil, err
+	var secret string
+	if len(cfg.ClientSecretLocation) > 0 {
+		secretBytes, err := ioutil.ReadFile(cfg.ClientSecretLocation)
+		if err != nil {
+			logger.Errorf(ctx, "Error reading secret from location %s", cfg.ClientSecretLocation)
+			return nil, err
+		}
+		secret = string(secretBytes)
+	} else if len(cfg.ClientSecretEnvVar) > 0 {
+		secret = os.Getenv(cfg.ClientSecretEnvVar)
 	}
+	secret = strings.TrimSpace(secret)
 
-	secret := strings.TrimSpace(string(secretBytes))
 	scopes := cfg.Scopes
 	if len(scopes) == 0 {
 		scopes = clientMetadata.Scopes