diff --git a/README.md b/README.md index a65edbb..d623656 100644 --- a/README.md +++ b/README.md @@ -219,7 +219,11 @@ KICKSTART_PORTS="80:4200;25:25" # Change the Port-Mappings KICKSTART_WIN_PATH= # If running on windows - map bash ``` +## Secrets +Secrets can be added either via the command `kickstart secrets add ` or +via Environment variables (used for ci-builds). All variables names `KICKSECRET_name` will +be mounted to `/run/secrets/name`. ## Project-wide config file diff --git a/dist/.kick-stack.yml b/dist/.kick-stack.yml index 72360bf..af9e66a 100644 --- a/dist/.kick-stack.yml +++ b/dist/.kick-stack.yml @@ -8,10 +8,10 @@ services: some_service: image: some/image networks: - - project_name + - dist networks: - project_name: + dist: external: true ## Very important: Otherwise no connection \ No newline at end of file diff --git a/dist/kickstart.sh b/dist/kickstart.sh index 23a0de7..a707ee1 100755 --- a/dist/kickstart.sh +++ b/dist/kickstart.sh @@ -444,6 +444,10 @@ elif [ -e "$PROGPATH/.env.dist" ] && [ "$#" == "0" ]; then read -r -p "Hit (enter) to continue without .env file or CTRL-C to exit." choice fi + + + + run_container() { echo -e $COLOR_GREEN"Loading container '$FROM_IMAGE'..." if [ "$OFFLINE_MODE" == "0" ] @@ -700,6 +704,16 @@ then fi; +echo "Scanning env for KICKSECRET_*"; +for secret in $(env | grep ^KICKSECRET | sed 's/KICKSECRET_\([a-zA-Z0-9_]\+\).*/\1/'); do + secretName="KICKSECRET_$secret" + secretFile="/tmp/.kicksecret.$secretName" + echo ${!secretName} > $secretFile + echo "+ adding secret from env: $secretName > /run/secrets/$secret"; + DOCKER_OPT_PARAMS="$DOCKER_OPT_PARAMS -v '$secretFile:/run/secrets/$secret' " +done; + + # Ports to be exposed IFS=';' read -r -a _ports <<< "$KICKSTART_PORTS" for _port in "${_ports[@]}" diff --git a/doc/secretadd.sh b/doc/secretadd.sh new file mode 100755 index 0000000..a35ad30 --- /dev/null +++ b/doc/secretadd.sh 
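Review bot: In the added `KICKSECRET_*` loop of `dist/kickstart.sh`, `echo ${!secretName} > $secretFile` writes each secret to a fixed, predictable name under `/tmp`, so the file gets the default umask (normally readable by other local users), reuses whatever already exists at that path, and is never removed in the visible lines. The same write is repeated in the new `doc/secretadd.sh`. The unquoted `echo` also word-splits and glob-expands the value, and `grep ^KICKSECRET` without the trailing underscore lets names such as `KICKSECRETS_X` through, in which case the `sed` leaves the whole `NAME=value` line as the loop word. I would write into a private `mktemp -d` directory with `printf '%s\n'` and take the names from `"${!KICKSECRET_@}"`, as sketched below; the file mode may need adjusting if the container user has a different uid, and cleanup belongs wherever the container run ends, which is outside this hunk. How `DOCKER_OPT_PARAMS` is later expanded is not visible here, so the embedded single quotes around the `-v` argument should be checked against that consumer.

```shell
# … unchanged: "Scanning env for KICKSECRET_*" echo …
secretDir=$(mktemp -d) || exit 1    # private 0700 directory with an unpredictable name
for secretName in "${!KICKSECRET_@}"; do    # variable names only; values never pass through grep/sed
    secret="${secretName#KICKSECRET_}"
    [ -n "$secret" ] || continue    # skip a variable named exactly KICKSECRET_
    secretFile="$secretDir/$secret"
    ( umask 077; printf '%s\n' "${!secretName}" > "$secretFile" )
    # … unchanged: log line and DOCKER_OPT_PARAMS append …
done;
```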
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+
+secretsEnv = $(env | grep ^KICKSECRET | sed 's/KICKSECRET_\([a-zA-Z0-9_]\+\).*/\1/');
+for secret in $(env | grep ^KICKSECRET | sed 's/KICKSECRET_\([a-zA-Z0-9_]\+\).*/\1/'); do
+ secretName="KICKSECRET_$secret"
+ echo ${!secretName} > "/tmp/.kicksecret.$secretName"
+
+ echo "adding secret $secret: ${!secretName}";
+done;
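Review bot: The last `echo` in the loop prints the secret value itself (`${!secretName}`) to stdout, which would end up in build logs given that the README describes the environment route as the one used for ci-builds; log only the name, e.g. `echo "adding secret $secret"`. The `secretsEnv = $(...)` line is not an assignment because of the spaces around `=`: bash runs `secretsEnv` as a command and fails. The variable is not used anywhere in the file, so the line can simply be dropped.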