[PR #11] [MERGED] Add secrets file support for docker #24

Closed
opened 2026-03-03 16:27:50 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/natrontech/pbs-exporter/pull/11
Author: @ChrisFromCnC
Created: 4/11/2024
Status: Merged
Merged: 4/11/2024
Merged by: @janfuhrer

Base: mainHead: ChrisFromCnC-Add-secrets-file-support-for-docker


📝 Commits (1)

  • 0e49d40 Add secrets file support for docker

📊 Changes

1 file changed (+31 additions, -0 deletions)

View changed files

📝 main.go (+31 -0)

📄 Description

I propose to add support to dockerfile secrets for PBS_USERNAME, PBS_API_TOKEN_NAME and PBS_API_TOKEN.

Idea is to move secrets outside of docker-compose file for instance for security purpose.

As example a docker-compose file can be created like this: proxmoxbackup:
image: ghcr.io/natrontech/pbs-exporter:0.1.5
container_name: proxmoxbackup
restart: always
secrets:

  • proxmoxbackup-username
  • proxmoxbackup-api-token-name
  • proxmoxbackup-api-token environment:
    PBS_USERNAME_FILE: /run/secrets/proxmoxbackup-username PBS_API_TOKEN_NAME_FILE: /run/secrets/proxmoxbackup-api-token-name PBS_API_TOKEN_FILE: /run/secrets/proxmoxbackup-api-token

secrets:
proxmoxbackup-username:
file: "./.secrets/proxmoxbackup_username.secret"
proxmoxbackup-api-token-name:
file: "./.secrets/proxmoxbackup_api_token_name.secret" proxmoxbackup-api-token:
file: "./.secrets/proxmoxbackup_api_token.secret"

All secrets are now stored in a folder .secrets.

Convention naming for secrets in docker is to add _FILE to regular environnement variable. In our case we need to manage PBS_USERNAME_FILE, PBS_API_TOKEN_NAME_FILE and PBS_API_TOKEN_FILE env variables.

I just adapt the main.go to read the new env variable for the secret file name and read the first line from the file.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/natrontech/pbs-exporter/pull/11 **Author:** [@ChrisFromCnC](https://github.com/ChrisFromCnC) **Created:** 4/11/2024 **Status:** ✅ Merged **Merged:** 4/11/2024 **Merged by:** [@janfuhrer](https://github.com/janfuhrer) **Base:** `main` ← **Head:** `ChrisFromCnC-Add-secrets-file-support-for-docker` --- ### 📝 Commits (1) - [`0e49d40`](https://github.com/natrontech/pbs-exporter/commit/0e49d40db827263aeab91439c6a9ff06e30cf477) Add secrets file support for docker ### 📊 Changes **1 file changed** (+31 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `main.go` (+31 -0) </details> ### 📄 Description I propose to add support to dockerfile secrets for PBS_USERNAME, PBS_API_TOKEN_NAME and PBS_API_TOKEN. Idea is to move secrets outside of docker-compose file for instance for security purpose. As example a docker-compose file can be created like this: proxmoxbackup: image: ghcr.io/natrontech/pbs-exporter:0.1.5 container_name: proxmoxbackup restart: always secrets: - proxmoxbackup-username - proxmoxbackup-api-token-name - proxmoxbackup-api-token environment: PBS_USERNAME_FILE: /run/secrets/proxmoxbackup-username PBS_API_TOKEN_NAME_FILE: /run/secrets/proxmoxbackup-api-token-name PBS_API_TOKEN_FILE: /run/secrets/proxmoxbackup-api-token secrets: proxmoxbackup-username: file: "./.secrets/proxmoxbackup_username.secret" proxmoxbackup-api-token-name: file: "./.secrets/proxmoxbackup_api_token_name.secret" proxmoxbackup-api-token: file: "./.secrets/proxmoxbackup_api_token.secret" All secrets are now stored in a folder .secrets. Convention naming for secrets in docker is to add _FILE to regular environnement variable. In our case we need to manage PBS_USERNAME_FILE, PBS_API_TOKEN_NAME_FILE and PBS_API_TOKEN_FILE env variables. I just adapt the main.go to read the new env variable for the secret file name and read the first line from the file. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
kerem 2026-03-03 16:27:50 +03:00
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/pbs-exporter#24
No description provided.