timetagger
timetagger copied to clipboard
Issues with password in Docker .env
Heya,
Got a weird one, might be user error.
Trying to utilise the bcrypted password in a docker env file:
timetagger:
image: ghcr.io/almarklein/timetagger
container_name: Timetagger
networks:
pihole:
ipv4_address: '172.22.0.137'
ports:
- "43841:80"
volumes:
- $USERDIR/Timetagger:/root/_timetagger
environment:
- TIMETAGGER_BIND=0.0.0.0:80
- TIMETAGGER_DATADIR=/root/_timetagger
- TIMETAGGER_LOG_LEVEL=info
- TIMETAGGER_CREDENTIALS=myuser:$$2a$$08$$qFFehmqHMmIwR91g77N9xOc.eA8pkRE64zXwJo/AR/fWTbGrEgHEm
If I enter the credentials as above, it works as expected.
If I try entering it as an env var it does not:
timetagger:
image: ghcr.io/almarklein/timetagger
container_name: Timetagger
networks:
pihole:
ipv4_address: '172.22.0.137'
ports:
- "43841:80"
volumes:
- $USERDIR/Timetagger:/root/_timetagger
environment:
- TIMETAGGER_BIND=0.0.0.0:80
- TIMETAGGER_DATADIR=/root/_timetagger
- TIMETAGGER_LOG_LEVEL=info
- TIMETAGGER_CREDENTIALS=$TIMETAGUSER:$TIMETAGPASS
.env:
#Timetagger
TIMETAGUSER="myuser"
TIMETAGPASS="$$2a$$08$$qFFehmqHMmIwR91g77N9xOc.eA8pkRE64zXwJo/AR/fWTbGrEgHEm"
docker compose show config
outputs the following:
timetagger:
container_name: Timetagger
environment:
TIMETAGGER_BIND: 0.0.0.0:80
TIMETAGGER_CREDENTIALS: myuser:$$a$$$$$$qFFehmqHMmIwR91g77N9xOc.eA8pkRE64zXwJo/AR/fWTbGrEgHEm
TIMETAGGER_DATADIR: /root/_timetagger
TIMETAGGER_LOG_LEVEL: info
And obviously, if I don't escape the "$", I get the expected problem:
TIMETAGGER_CREDENTIALS: myuser:a$$qFFehmqHMmIwR91g77N9xOc.eA8pkRE64zXwJo/AR/fWTbGrEgHEm
Any thoughts?
I've posted it here too https://github.com/docker/compose/issues/9716 as it seems to be a weird bug with compose, but definitely something to consider as quite a few people use env files when they have a large compose file.
Maybe allow for b64 encodings of the bcrypt hash to remove the "$"/special characters to allow things to function more smoothly in Docker?
Docker Compose version v2.6.0
Client: Docker Engine - Community
Version: 20.10.17
API version: 1.41
Go version: go1.17.11
Git commit: 100c701
Built: Mon Jun 6 23:02:57 2022
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.17
API version: 1.41 (minimum version 1.12)
Go version: go1.17.11
Git commit: a89b842
Built: Mon Jun 6 23:01:03 2022
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.6.6
GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc:
Version: 1.1.2
GitCommit: v1.1.2-0-ga916309
docker-init:
Version: 0.19.0
GitCommit: de40ad0
The solution for anyone else who wishes to do this:
In your .env file, single quote the value, but do not escape it.
.env file:
TIMETAGUSER="myuser"
TIMETAGPASS='$2a$08$qFFehmqHMmIwR91g77N9xOc.eA8pkRE64zXwJo/AR/fWTbGrEgHEm'
docker-compose file:
environment:
- TIMETAGGER_CREDENTIALS=$TIMETAGUSER:${TIMETAGPASS}
Glad you figured that one out. So if I understand correctly, using the single quotes prevents the dollar signs to be evaluated as variables, right?
Glad you figured that one out. So if I understand correctly, using the single quotes prevents the dollar signs to be evaluated as variables, right?
That's correct.
- Double quotes break it.
- Double quotes with escaped dollar signs break it.
- Single quotes with escaped characters break it.
I think I reopened this so that we can document this workaround.