atuin icon indicating copy to clipboard operation
atuin copied to clipboard
verified publisher icon atuinsh

docker improvement: ATUIN_DB_PASSWORD_FILE

Open mortee opened this issue 1 year ago • 1 comments

It would be nice if somehow the containerized sync server could read the DB password from a file, thus enabling e.g. docker swarm's secret facility, which presents secrets to containers as files. Now I'm forced to override the entrypoint, and insert a shell command to read the pwd file and construct the DB URI, and then execute the atuin server.

I realize that this is tricky exactly because a URI needs to be constructed, but there might be some solution. Maybe ATUIN_DB_URI_FILE, and store the whole thing in the secret?

mortee avatar Nov 19 '24 00:11 mortee

Would like to configure atuin pgsql connection with password from file like this: (this snipped is for kubernetes, but file based secrets is also well supported in docker)

        env:
          ATUIN_DB_HOST:
            valueFrom:
              secretKeyRef:
                name: pgsql-secret
                key: host
          ATUIN_DB_PORT:
            valueFrom:
              secretKeyRef:
                name: pgsql-secret
                key: port
          ATUIN_DB_NAME:
            valueFrom:
              secretKeyRef:
                name: pgsql-secret
                key: dbname
          ATUIN_DB_USERNAME:
            valueFrom:
              secretKeyRef:
                name: pgsql-secret
                key: user
          ATUIN_DB_PASSWORD_FILE: /var/run/secrets/pgpassword

instead of using the URI.

Kariton avatar Oct 11 '25 14:10 Kariton