extends the docker secrets reader to work for _SECRET_FILE variables
Modifies the 3dic-ttp dev setup to make use of the added feature.
hhund committed Jan 21, 2025
1 parent f267551 commit d6764ea
Showing 10 changed files with 83 additions and 56 deletions.
118 changes: 67 additions & 51 deletions dsf-docker-test-setup-3dic-ttp/docker-compose.yml

Large diffs are not rendered by default.

@@ -0,0 +1 @@
ytqFCErw9GfhVUrrM8xc0Grbu4r7qGig
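Review bot: This one-line file and the seven that follow each add what looks like a literal secret value to the repository, and nothing visible on the page marks them as test-only. Their paths are not shown here; the commit description suggests they belong to the 3dic-ttp dev setup. If that is the case, a short note next to the files (for example a README line such as `Test-only secrets for the local docker setup; never reuse these values in a deployed environment`) would make the intent explicit. It would also give a secret scanner's findings on these files a documented reason to be dismissed.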
@@ -0,0 +1 @@
mF0GEtjFoyWIM3in4VCwifGI3azb4DTn
@@ -0,0 +1 @@
5GtUIUfoXnQVcsRfd0Hg4EGv14iAknGq
@@ -0,0 +1 @@
P7XhxzBixIf9vPdprItkbOXZwtSX2JNt
@@ -0,0 +1 @@
VGTQD3WWH4uGUMz408NWNzcHF1MsfV0l
@@ -0,0 +1 @@
9i9WRfIedG7N3QoL5WuGM8hCoySblAhK
@@ -0,0 +1 @@
dTB3Etd2lZ6cn6mK6YbUMvk3A5FmiOoA
@@ -0,0 +1 @@
SquCQFwjUFqIpU8xQj9pFg79fFxlu2Eu
@@ -31,7 +31,8 @@ public DockerSecretsPropertySourceFactory(ConfigurableEnvironment environment)
.filter(s -> s instanceof EnumerablePropertySource).map(s -> (EnumerablePropertySource<?>) s)
.flatMap(s -> List.of(s.getPropertyNames()).stream()).filter(key -> key != null)
.filter(key -> key.toLowerCase().endsWith(".password.file")
|| key.toLowerCase().endsWith("_password_file"));
|| key.toLowerCase().endsWith("_password_file") || key.toLowerCase().endsWith(".secret.file")
|| key.toLowerCase().endsWith("_secret_file"));

passwordProperties.forEach(key ->
{
@@ -77,7 +78,7 @@ private String readSecretsFile(String key, String secretsFile)

if (!Files.isReadable(secretsFilePath))
{
logger.warn("Secrets file at {} not readable", secretsFilePath.toString());
logger.warn("Secrets file at {} for property {} not readable", secretsFilePath.toString(), key);

Check failure

Code scanning / CodeQL

Insertion of sensitive information into log files High

This
potentially sensitive information
is written to a log file.

Check failure

Code scanning / CodeQL

Insertion of sensitive information into log files High

This
potentially sensitive information
is written to a log file.
return null;
}

@@ -87,18 +88,20 @@ private String readSecretsFile(String key, String secretsFile)

if (secretLines.isEmpty())
{
logger.warn("Secrets file for property {} is empty", key);
logger.warn("Secrets file at {} for property {} is empty", secretsFilePath.toString(), key);

Check failure

Code scanning / CodeQL

Insertion of sensitive information into log files High

This
potentially sensitive information
is written to a log file.

Check failure

Code scanning / CodeQL

Insertion of sensitive information into log files High

This
potentially sensitive information
is written to a log file.
return null;
}

if (secretLines.size() > 1)
logger.warn("Secrets file for property {} contains multiple lines, using only the first line", key);
logger.warn("Secrets file at {} for property {} contains multiple lines, using only the first line",
secretsFilePath.toString(), key);

Check failure

Code scanning / CodeQL

Insertion of sensitive information into log files High

This
potentially sensitive information
is written to a log file.

Check failure

Code scanning / CodeQL

Insertion of sensitive information into log files High

This
potentially sensitive information
is written to a log file.

return secretLines.get(0);
}
catch (IOException e)
{
logger.warn("Error while reading secrets file {}: {}", secretsFilePath.toString(), e.getMessage());
logger.warn("Error while reading secrets file {} for property {}: {}", secretsFilePath.toString(), key,
e.getMessage());

Check failure

Code scanning / CodeQL

Insertion of sensitive information into log files High

This
potentially sensitive information
is written to a log file.
This
potentially sensitive information
is written to a log file.
throw new RuntimeException(e);
}
}
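Review bot: The suffix filter in the constructor hunk lowercases with `key.toLowerCase()` and no locale, so under a Turkish or Azeri default locale `FILE` becomes `fıle` and neither the existing `_PASSWORD_FILE` nor the new `_SECRET_FILE` keys match; the key is then silently filtered out and its secret file is never read. Lowercasing once with a fixed locale fixes this and removes the four repeated calls, e.g. `.filter(key -> { String k = key.toLowerCase(Locale.ROOT); return k.endsWith(".password.file") || k.endsWith("_password_file") || k.endsWith(".secret.file") || k.endsWith("_secret_file"); })`, which needs `java.util.Locale` imported. Separately, now that generic secret files are accepted, the first-line-only rule in `readSecretsFile` would cut a multi-line secret (a PEM key, for instance) down to its first line with only a warning; a Javadoc sentence on the method stating that only single-line secrets are supported would make that limit visible. Both the constructor and `readSecretsFile` start outside the visible hunks.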