Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEAT] Storing Secrets #170

Closed
TonyBrobston opened this issue Nov 26, 2021 · 7 comments
Closed

[FEAT] Storing Secrets #170

TonyBrobston opened this issue Nov 26, 2021 · 7 comments
Labels
enhancement New feature or request

Comments

@TonyBrobston
Copy link

My apologies if this is covered somewhere and I missed it. Is there a pattern for dealing with secrets, passwords, things you don't want directly in your config?

I see that Frigate uses a pattern where you can create environment variables prefixed with FRIGATE_ and then reference them in yaml by wrapping the environment variable in curly braces {FRIGATE_MQTT_PASSWORD}, does something like this exist in Double Take?

If Double Take does not have this yet, it seems like using the same pattern as Frigate could make this straight forward for users?

My main issue is that my mqtt-broker has a username/password and I would like to keep my mqtt password out of my config file; often times I leave these config files open source and reference them.

Thanks for the work on this repo, it is a much needed tool and I look forward to working with it more!
@TonyBrobston TonyBrobston added the enhancement New feature or request label Nov 26, 2021
jakowenko added a commit that referenced this issue Nov 26, 2021
@jakowenko
feat: secrets.yml support (#170)
53b11c8
@jakowenko
Copy link
Owner

Hey @TonyBrobston, thanks for the great suggestion. I pushed a new beta build to include this ability. I modeled it similar to how Home Assistant does it.

Let me know what you think!

Create a secrets.yml file in the /config directory to store private information outside of config.yml. Use !secret and an identifier.

mqtt:
  host: localhost
  username: mqtt
  password: !secret mqtt_password

detectors:
  compreface:
    url: localhost:8000
    key: !secret compreface_key

The secrets.yaml file contains the corresponding value assigned to the identifier.

mqtt_password: <password>
compreface_key: <api-key>

@TonyBrobston
Copy link
Author

Awesome, I'll give that a shot and report back. I assume there is a beta docker image tag? I'll take a look when I have time.

Thanks!

@jakowenko
Copy link
Owner

jakowenko commented Nov 26, 2021
edited
Loading

Awesome, I'll give that a shot and report back. I assume there is a beta docker image tag? I'll take a look when I have time.

Thanks!

jakowenko/double-take:beta is the beta build. It's only for amd64, so if you are running on a Pi you'll have to wait until I release this 1.7.0 which will probably be tomorrow. Just wanted you to test this feature first :). I did push a little update to use the Home Assistant /config/secrets.yaml file if you are running the add-on, I have it explained here.

@TonyBrobston
Copy link
Author

Sounds good. I'm currently running on a server with an AMD Ryzen Threadripper, so beta should be good.

jakowenko added a commit that referenced this issue Nov 27, 2021
@jakowenko
chore(release): 1.7.0 [skip ci]
bf3e911 
# [1.7.0](v1.6.0...v1.7.0) (2021-11-27)

### Bug Fixes

* better support of jpg images for thumbnails/box ([#156](#156)) ([04e7d83](04e7d83))
* lowercase camera name in mqtt topics ([#163](#163)) ([57e605b](57e605b))
* optional chaining for frigate url ([68a9032](68a9032))
* use lower compreface det_prob_threshold for /recognize/test ([#136](#136)) ([6a0c435](6a0c435))

### Features

* ability to change mqtt client_id ([#168](#168)) ([98d7f2a](98d7f2a))
* **api:** validate config with jsonschema ([ad23c7b](ad23c7b))
* edit secrets.yml from ui ([963cacd](963cacd))
* secrets.yml support ([#170](#170)) ([53b11c8](53b11c8))
* support ui base path ([#166](#166)) ([b1d06aa](b1d06aa))
@jakowenko
Copy link
Owner

This was included in the latest release v1.7.0. I'm going to close this for now, but feel free to reopen if you run into any issues. Thanks again for the feature request!

@TonyBrobston
Copy link
Author

I finally got around to using this, it works great!

I was able to back everything up to a github repo and keep my secrets out!

@jakowenko
Copy link
Owner

I finally got around to using this, it works great!

I was able to back everything up to a github repo and keep my secrets out!

Awesome! So happy to hear it's working for you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jakowenko @TonyBrobston