Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable separation of config and secrets #18

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,28 @@ If you need additional features please open up an
The environment variable `INTERVAL` defines the interval of DNS updates in
seconds.

### Setting secrets via environment variables

You can set the following environment variables to inject secrets into the configuration:

- CUSTOMERNR
- APIKEY
- APIPASSWORD

> If the environment variables are set, the coresponding value from the `config.yml` file will be overwritten.

Example:

docker run -d \
-v $(pwd)/config.yml:/config.yml \
-e INTERVAL=300 \
-e CUSTOMERNR=111111 \
-e APIKEY=my-fancy-api-key \
-e APIPASSWORD=my-fancy-api-pw \
ghcr.io/hentra/dyndns-netcup-go

This allows you to store the configuration in plain text(e.g. git) and inject the secrets safely from a secret management solution.

### Manual
1. Download the lastest [binary](https://github.com/Hentra/dyndns-netcup-go/releases) for your OS
2. `cd` to the file you downloaded and unzip
Expand Down
28 changes: 28 additions & 0 deletions internal/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ package internal

import (
"io/ioutil"
"os"
"strconv"

"gopkg.in/yaml.v2"
)
Expand Down Expand Up @@ -40,6 +42,32 @@ func LoadConfig(filename string) (*Config, error) {
return nil, err
}

// Fetch secrets from environment variables
// This way they may be stored in a secret manager and injected
//
// The environment variables are:
// - CUSTOMERNR
// - APIKEY
// - APIPASSWORD
customerNumberOverride := os.Getenv("CUSTOMERNR")
if customerNumberOverride != "" {
nr, err := strconv.Atoi(customerNumberOverride)
if err != nil {
return nil, err
}
config.CustomerNumber = nr
}

apiKeyOverride := os.Getenv("APIKEY")
if apiKeyOverride != "" {
config.APIKey = apiKeyOverride
}

apiPasswordOverride := os.Getenv("APIPASSWORD")
if apiPasswordOverride != "" {
config.APIPassword = apiPasswordOverride
}

return &config, nil
}

Expand Down