Support reading password from file

[septatrix]

This is necessary to support e.g. dockers and podmans secrets mechanism or the systemd LoadCredential directive. For this to work a config option (or flag) would need to be added which gets a path from which the password can be read.

[n0toose]

Should the option be shown to the user or be "internal", as to not encourage anyone to leave their RWTH SSO password laying around in plain text without some sort of a good justification?

[septatrix]

It can be shown to the user. Currently one can also put the password in the config file so in that regard there is not too much of a difference

[n0toose]

Yeah, completely forgot about that part. Hey, maybe we could use the config file for that?

[n0toose]

This is necessary to support e.g. dockers and podmans secrets mechanism

I am a bit uneducated on the subject, is an entrypoint.sh file with

#!/bin/bash
BASEDIR=$(dirname "$0");
cd $BASEDIR;

if [[ -n "$PASS" ]];
then
  if [[ -n "$USER" ]];
  then
	  python3 -m syncMyMoodle $TOKEN
  else
	  echo 'You must specify environment variable $USER'
  fi
else
  echo 'You must specify environment variable $PASS'
fi
fi

not good enough? (P.S. I wrote the file in bulk)

[septatrix]

Not really because there are often ways in which environment variables can be accessed or are leaked. Docker, Kubernetes, Systemd etc. therefore write the content to files and pass the files as environment variables. These files must the be read to get the secrets