filebrowser icon indicating copy to clipboard operation
filebrowser copied to clipboard
verified publisher icon gtsteffaniak

Add support for reading env variables in config file

Open dezeroku opened this issue 7 months ago • 1 comments

Is your feature request related to a problem? Please describe.

When configuring OIDC you're required to provide client_id and client_secret values in the config file. As it stands (unless I missed something, in which case I am sorry!) these have to be hardcoded. This is not only not the best practice, but makes it impossible to inject these values at runtime (e.g. using K8S secrets).

Describe the solution you'd like

The most common solution for this issue seems to be reading values from env variables. This could be implemented on a per-field basis, or maybe we could just go-template the whole config file.

Describe alternatives you've considered

Writing an init container that would sed the config file before starting up the actual application. While this would work I consider it more of a workaround than a solution.

Additional context

dezeroku avatar Jun 15 '25 23:06 dezeroku

Definitely, any secret should be able to be environment variable

gtsteffaniak avatar Jun 16 '25 02:06 gtsteffaniak

Not sure if I have to open a new issue; but ability to override any value in the config with an environment variable, or, even better, read (interpolate) env vars from the config itself, would be nice. My use case: some things, which are not secrets, but are just common to several services, are kept in the docker compose's .env file, like COMMON_DOMAIN_NAME, and my issuerUrl would be http://auth.${COMMON_DOMAIN_NAME}/, if such a functionality existed.

lvu avatar Jun 27 '25 14:06 lvu

Only a limited set of things are environment keys for a reason. By enforcing users to use the config.yaml it helps me support issues. Once I start opening the floodgates to env-based configs, or command line arguments, it becomes a very difficult process for me to help you guys... I have to ask so many more questions for every support issue.

So, especially for the near term while in beta and early development, most if not all config items will be on the config file.

gtsteffaniak avatar Jun 27 '25 17:06 gtsteffaniak

This makes sense, yes.

For those wanting to deal with it, here's my Dockerfile, which does environment substitution for the config file:

FROM gtstef/filebrowser:latest

RUN apk add gettext

COPY <<EOF /docker-entrypoint.sh
#!/bin/sh
cat /config/filebrowser.yaml | envsubst > /home/filebrowser/config.yaml
exec /home/filebrowser/filebrowser -c /home/filebrowser/config.yaml
EOF

RUN chmod a+x /docker-entrypoint.sh

ENTRYPOINT /docker-entrypoint.sh

Of course, you'll be responsible for this, neither I nor, of course, @gtsteffaniak will help you if this breaks!

lvu avatar Jul 01 '25 10:07 lvu

I like how Homepage handles this;

https://gethomepage.dev/installation/docker/#using-environment-secrets

Using Environment Secrets

You can also include environment variables in your config files to protect sensitive information. Note:

Environment variables must start with HOMEPAGE_VAR_ or HOMEPAGE_FILE_ The value of env var HOMEPAGE_VAR_XXX will replace {{HOMEPAGE_VAR_XXX}} in any config The value of env var HOMEPAGE_FILE_XXX must be a file path, the contents of which will be used to replace {{HOMEPAGE_FILE_XXX}} in any config

robflate avatar Jul 21 '25 16:07 robflate