Channel password from environment

[toxuin]

It would be surely a nice feature to be able to populate a Sonic Channel password from the environmental variable rather from the config file.

[valeriansaliou]

What's the exact use case for this? Can you explain?

[perzanko]

I think @toxuin means that config can't be stored on eg. git repo because it contains a secret password. If sonic would allow you to overwrite the configuration based on environment variables, this would allow safe sharing of the config file.
For example:
config.cfg

...
[channel]

auth_password = "${env.SECRET}"

then run sonic providing env. variable

SECRET=secretphrase sonic -c config.cfg

Does it make sense?

[toxuin]

Well in our use case I was going to create a CI pipleline that would build the container with everything it needs including the configuration, but without any secrets in it, push it to Amazon ECR and then populate all the secrets right before app start on ECS. I believe other container orchestrators recommend the same or similar approach.

Putting any passwords in either git or container repo feels wrong.

CI is controlled by a 3rd party company where jobs are ran on shared compute resources.
Git repo resides on another 3rd party service with a bunch of yet another 3rd (4th? :-D ) party integrations.

[valeriansaliou]

Ah, okay. That definitely makes sense then, and I agree with that use case.

I'm open to PRs on this, should not be too hard / long to implement! Check the ./config module from Sonic, which contains configuration readers and parsers.