[hotfix] Prioritise API database secrets over .env

[gocanto]

Summary by CodeRabbit

• New Features

  • Improved handling of sensitive database credentials by prioritizing secure retrieval from secrets, with fallback to environment variables if secrets are unavailable.

• Chores

  • Updated environment setup to use secrets for database credentials in containerized deployments, enhancing security and configuration management.

[coderabbitai]

Walkthrough

This update introduces a new mechanism for retrieving sensitive database credentials by prioritizing Docker secrets over environment variables. The environment setup logic and Docker Compose configuration are modified to use this approach, and a new utility function is added to handle secret-or-env fallback logic.

Changes

File(s)	Change Summary
env/env.go	Added GetSecretOrEnv, which reads secrets from files or falls back to environment variables.
boost/factory.go	Updated MakeEnv to use GetSecretOrEnv for database credentials and name retrieval.
docker-compose.yml	Switched api service to use Docker secrets for DB credentials instead of environment variables.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant API_Service
    participant Env_Package
    participant Docker_Secrets

    User->>API_Service: Start container
    API_Service->>Env_Package: MakeEnv()
    Env_Package->>Docker_Secrets: Try to read /run/secrets/postgres_user
    alt Secret exists
        Docker_Secrets-->>Env_Package: Return secret value
    else Secret missing
        Env_Package->>Env_Package: GetEnvVar("ENV_DB_USER_NAME")
    end
    Env_Package-->>API_Service: Provide DB credentials

Loading

Possibly related PRs

• [DB] Production Ready #39: Adds Docker secrets and refactors Docker Compose and scripts to use secrets for PostgreSQL credentials, directly relating to this PR's credential sourcing changes.

Poem

In the warren of secrets, a rabbit did find
A safer way to leave old env vars behind.
Now credentials are hidden, tucked out of sight,
With secrets retrieved in the dead of the night.
Hop, hop, hooray—security’s tight! 🐇🔐

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

env/env.go (1)

20-35: Remove redundant fallback logic and consider adding error logging.

The implementation correctly prioritizes Docker secrets over environment variables, but there are some improvements to consider:

1. Redundant fallback: Line 34 is redundant since the os.IsNotExist(err) case already handles the fallback on lines 30-32.

2. Silent error handling: Other file read errors (permissions, I/O errors) are silently ignored, which could make debugging difficult in production.

Apply this diff to improve the implementation:

 func GetSecretOrEnv(secretName string, envVarName string) string {
 	secretPath := "/run/secrets/" + secretName
 
 	// Try to read the secret file first.
 	content, err := os.ReadFile(secretPath)
 	if err == nil {
 		return strings.TrimSpace(string(content))
 	}
 
-	// If the file does not exist, fall back to the environment variable.
-	if os.IsNotExist(err) {
-		return GetEnvVar(envVarName) // Use your existing function here
-	}
-
+	// If the file does not exist or any other error occurs, fall back to the environment variable.
+	// Note: Consider adding logging for non-NotExist errors in production
 	return GetEnvVar(envVarName)
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ffa3085 and 98e09e5.

📒 Files selected for processing (3)

• boost/factory.go (1 hunks)
• docker-compose.yml (1 hunks)
• env/env.go (1 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (1)

boost/factory.go (1)

env/env.go (1)

• GetSecretOrEnv (20-35)

🔇 Additional comments (3)

boost/factory.go (1)

75-77: No change required for ENV_DB_USER_PASSWORD naming

The environment variable name ENV_DB_USER_PASSWORD correctly matches the existing pattern alongside ENV_DB_USER_NAME. The use of GetSecretOrEnv to prioritize Docker secrets over env vars for database credentials is valid and enhances security.

• File: boost/factory.go
  Lines 75–77: GetSecretOrEnv("postgres_user", "ENV_DB_USER_NAME"),
  GetSecretOrEnv("postgres_password", "ENV_DB_USER_PASSWORD"),
  GetSecretOrEnv("postgres_db", "ENV_DB_DATABASE_NAME")

Security enhancement approved.

docker-compose.yml (2)

2-8: Well-structured Docker secrets configuration.

The secrets configuration follows Docker Compose best practices:

• Uses environment variable substitution with sensible defaults
• Consistent file path structure under ./database/infra/secrets/
• Secret names align with usage in the Go code

---

90-93: Correct secrets integration for the api service.

The secrets configuration properly grants the api service access to the database credentials. The secret names match both the top-level definitions and the usage in the Go code.