Description
Hi there! Currently, in order to specify secrets such as the JWT secret to kutt, these must be provided via environment variables. Storing secrets in an environment file or in the environment block of a compose spec file is less ideal, especially if deployment and application config are managed in a git repo.
While Kubernetes, Podman, and other container runtimes do have support for exposing config and secrets as environment files, Docker cannot. Environment variables are distinct from Docker's Secret context, which expects to provide secrets as files (e.g. /run/secrets/secret_name).
Many Dockerized applications add support for using file contents as secrets by providing optional environment variables with the extension "_FILE". In an example relevant to kutt's JWT Secret, kutt could be provided with an environment variable configured like this:
JWT_SECRET_FILE=/run/secret/jwt
Where kutt is checking its environment variables, if JWT_SECRET_FILE is set, it would check for the existence of a file at the path, and if it exists, set the value of JWT_FILE to the contents of the file.
Ultimately, it would be nice if Docker's secrets API was updated to support deploying secrets as environment variables as well as files. Until then, this support would be very welcome.
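
A sketch of the _FILE lookup requested above, added here as an illustration and not taken from kutt's code base. The function name resolveFileSecrets, the FILE_BACKED list, and the choice to fail when both the plain and the _FILE variable are set are assumptions.

```javascript
// Added example: resolve Docker-style *_FILE variables at startup,
// before the rest of the configuration is read from the environment.
const fs = require("node:fs");

// Variables that may be supplied through a file. Only JWT_SECRET comes from
// the issue; the list is a hypothetical extension point.
const FILE_BACKED = ["JWT_SECRET"];

function resolveFileSecrets(env = process.env, names = FILE_BACKED) {
  for (const name of names) {
    const fileVar = `${name}_FILE`;
    const path = env[fileVar];
    if (!path) continue; // no *_FILE variant set, leave the variable alone

    // Refuse ambiguous configuration instead of silently preferring one source.
    if (env[name]) {
      throw new Error(`${name} and ${fileVar} are both set; use only one`);
    }

    let value;
    try {
      value = fs.readFileSync(path, "utf8");
    } catch (err) {
      // Report the variable, path and error code, never file contents.
      throw new Error(`${fileVar}: cannot read ${path} (${err.code})`);
    }

    // Secret files often end with a newline added by an editor or `echo`.
    value = value.replace(/\r?\n$/, "");
    if (value === "") {
      throw new Error(`${fileVar}: ${path} is empty`);
    }

    env[name] = value;
  }
  return env;
}

module.exports = { resolveFileSecrets };
```

Failing on an unreadable or empty file stops the service from starting with a missing signing key, which is easier to notice than tokens signed with an empty secret.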