traefik-crowdsec-bouncer
Added support for docker secrets
Right now the bouncer API key needs to be hardcoded in the compose file and/or in the external `.env`. The current best practice is to leverage docker secrets, which are supported not only in swarm mode but also by docker compose.
I have added a basic implementation within the `RequiredEnv` function that allows the use of `<environment_variable_name>+_FILE` instead of `<environment_variable_name>`. So `CROWDSEC_BOUNCER_API_KEY` becomes `CROWDSEC_BOUNCER_API_KEY_FILE`. If said `[...]_FILE` variable exists, the value is read from the file and returned from the `RequiredEnv` function.
I'd greatly appreciate some testing since logging from `config.go` seems kind of impossible? Even the existing `log.Fatalf()` entries I never get to see in the docker logs (though the container doesn't start).
Example docker-compose:
```yaml
version: "3.8"
secrets:
  crowdsec_bouncer_api_key:
    file: /secretsPath/crowdsec_bouncer_api_key
services:
  bouncer:
    build: .
    image: fbonalair/traefik-crowdsec-bouncer
    container_name: bouncer
    environment:
      CROWDSEC_BOUNCER_API_KEY_FILE: /run/secrets/crowdsec_bouncer_api_key
      CROWDSEC_AGENT_HOST: crowdsec:8123
    secrets:
      - crowdsec_bouncer_api_key
```
Code Climate has analyzed commit fba02745 and detected 0 issues on this pull request.
View more on Code Climate.