docker-postgres-replication

Does _FILE work for REPLICATION_PASSWORD for using docker secrets

Open dave08 opened this issue 7 years ago • 2 comments

Thanks for the great implementation! This is the best, most non-intrusive I've found after lots of googling. The main image translates any environment variable with _FILE extension to the value contained in the file. This allows for not exposing secrets on production servers. Does this image also do that?

Thanks again!

dave08, Jun 27 '17 16:06

Hi @dave08, and thanks for your interest in this project!

It doesn't work out of the box, but I think we can import the function from https://github.com/docker-library/postgres/blob/master/9.6/docker-entrypoint.sh#L8.

I never tried the file_env feature. Why not set the password at runtime with -e REPLICATION_PASSWORD="xxx"?

nebirhos, Jun 28 '17 06:06

See: https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/ for an explanation of why, and: https://github.com/DanielDent/docker-postgres-replication/pull/7 for a possible how. I just don't understand enough about replication and pg, and am very limited for time (like everybody :) ) to actually make these changes with a pull.

dave08, Jun 28 '17 11:06
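
The `_FILE` convention discussed in this thread, as an added example that is not code from this image, from the linked entrypoint, or from any participant: a POSIX sh helper that fills `REPLICATION_PASSWORD` from the file named in `REPLICATION_PASSWORD_FILE` and fails closed on ambiguous or unreadable input. The function name `file_env` follows the name used in the thread; the body, the `_fe_*` variables and the demo values are assumptions written for this example.

```shell
#!/bin/sh
# Added example (not the image's own entrypoint code).
# file_env VAR [DEFAULT]: fill VAR from the file named in VAR_FILE.
file_env() {
    _fe_var="$1"
    _fe_def="${2:-}"
    _fe_file_var="${_fe_var}_FILE"

    # eval is used below, so accept only a plain identifier.
    case "$_fe_var" in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "file_env: invalid variable name" >&2
            return 2 ;;
    esac

    eval "_fe_val=\${$_fe_var:-}"
    eval "_fe_path=\${$_fe_file_var:-}"

    # Two sources for one secret is a configuration error: fail closed.
    if [ -n "$_fe_val" ] && [ -n "$_fe_path" ]; then
        echo "file_env: both $_fe_var and $_fe_file_var are set" >&2
        return 1
    fi

    if [ -n "$_fe_path" ]; then
        if [ ! -f "$_fe_path" ] || [ ! -r "$_fe_path" ]; then
            echo "file_env: $_fe_file_var is not a readable file" >&2
            return 1
        fi
        _fe_val="$(cat "$_fe_path")"   # trailing newline is stripped
    elif [ -z "$_fe_val" ]; then
        _fe_val="$_fe_def"
    fi

    export "$_fe_var=$_fe_val"
    unset "$_fe_file_var"              # do not leave the path in the environment
}

# Constructed demo: a temp file stands in for /run/secrets/<name>.
unset REPLICATION_PASSWORD
demo_secret="$(mktemp)"
printf 'constructed-demo-password\n' > "$demo_secret"
REPLICATION_PASSWORD_FILE="$demo_secret"
file_env REPLICATION_PASSWORD && echo "loaded ${#REPLICATION_PASSWORD} chars"
rm -f "$demo_secret"
unset REPLICATION_PASSWORD demo_secret
```

The helper exports the resolved value so later entrypoint steps can read it, which means the secret still ends up in the environment of that process; the gain is that it no longer appears in the container's configuration as shown by `docker inspect`.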