From c7a127728c0a68ca0d3b2a2a97100048e1777cfa Mon Sep 17 00:00:00 2001 From: Matthes Date: Tue, 28 Apr 2020 11:58:27 +0200 Subject: [PATCH] added loading KICKSECRETS_ from env --- README.md | 4 ++++ dist/.kick-stack.yml | 4 ++-- dist/kickstart.sh | 14 ++++++++++++++ doc/secretadd.sh | 10 ++++++++++ 4 files changed, 30 insertions(+), 2 deletions(-) create mode 100755 doc/secretadd.sh diff --git a/README.md b/README.md index a65edbb..d623656 100644 --- a/README.md +++ b/README.md @@ -219,7 +219,11 @@ KICKSTART_PORTS="80:4200;25:25" # Change the Port-Mappings KICKSTART_WIN_PATH= # If running on windows - map bash ``` +## Secrets +Secrets can be added either via the command `kickstart secrets add ` or +via Environment variables (used for ci-builds). All variables names `KICKSECRET_name` will +be mounted to `/run/secrets/name`. ## Project-wide config file diff --git a/dist/.kick-stack.yml b/dist/.kick-stack.yml index 72360bf..af9e66a 100644 --- a/dist/.kick-stack.yml +++ b/dist/.kick-stack.yml @@ -8,10 +8,10 @@ services: some_service: image: some/image networks: - - project_name + - dist networks: - project_name: + dist: external: true ## Very important: Otherwise no connection \ No newline at end of file diff --git a/dist/kickstart.sh b/dist/kickstart.sh index 23a0de7..a707ee1 100755 --- a/dist/kickstart.sh +++ b/dist/kickstart.sh @@ -444,6 +444,10 @@ elif [ -e "$PROGPATH/.env.dist" ] && [ "$#" == "0" ]; then read -r -p "Hit (enter) to continue without .env file or CTRL-C to exit." choice fi + + + + run_container() { echo -e $COLOR_GREEN"Loading container '$FROM_IMAGE'..." if [ "$OFFLINE_MODE" == "0" ] 
@@ -700,6 +704,16 @@ then fi; +echo "Scanning env for KICKSECRET_*"; +for secret in $(env | grep ^KICKSECRET | sed 's/KICKSECRET_\([a-zA-Z0-9_]\+\).*/\1/'); do + secretName="KICKSECRET_$secret" + secretFile="/tmp/.kicksecret.$secretName" + echo ${!secretName} > $secretFile + echo "+ adding secret from env: $secretName > /run/secrets/$secret"; + DOCKER_OPT_PARAMS="$DOCKER_OPT_PARAMS -v '$secretFile:/run/secrets/$secret' " +done; + + # Ports to be exposed IFS=';' read -r -a _ports <<< "$KICKSTART_PORTS" for _port in "${_ports[@]}" diff --git a/doc/secretadd.sh b/doc/secretadd.sh new file mode 100755 index 0000000..a35ad30 --- /dev/null +++ b/doc/secretadd.sh @@ -0,0 +1,10 @@ +#!/bin/bash + + +secretsEnv = $(env | grep ^KICKSECRET | sed 's/KICKSECRET_\([a-zA-Z0-9_]\+\).*/\1/'); +for secret in $(env | grep ^KICKSECRET | sed 's/KICKSECRET_\([a-zA-Z0-9_]\+\).*/\1/'); do + secretName="KICKSECRET_$secret" + echo ${!secretName} > "/tmp/.kicksecret.$secretName" + + echo "adding secret $secret: ${!secretName}"; +done;
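Review bot: The loop writes each secret to a fixed, guessable name under `/tmp` (`/tmp/.kicksecret.$secretName`) with whatever umask is in effect, so on a shared host or CI runner another local user can read the file or pre-create that path as a symlink, and nothing visible in the hunk removes it afterwards. `echo ${!secretName} > $secretFile` is also unquoted, so a value containing runs of whitespace or glob characters is altered before it reaches the file, and `grep ^KICKSECRET` admits names such as `KICKSECRETS_x` (the spelling used in the commit subject), which the `sed` expression passes through whole, value included, into `secretName` and the log line. I would create a private directory with `mktemp -d`, enumerate the names with `"${!KICKSECRET_@}"` and write with `printf`, as sketched below; removing the directory has to be hooked into the script's exit path, which is outside the hunk. doc/secretadd.sh repeats the same fixed path and unquoted `echo`.

```shell
# Private 0700 directory: other local users cannot traverse it, and the files
# inside keep their default mode, so the container side can still read them.
secretDir=$(mktemp -d) || exit 1
# "${!KICKSECRET_@}" yields only variable names with this exact prefix
# (it also sees non-exported shell variables, not just the environment).
for secretName in "${!KICKSECRET_@}"; do
    secret="${secretName#KICKSECRET_}"
    secretFile="$secretDir/$secret"
    printf '%s\n' "${!secretName}" > "$secretFile"
    echo "+ adding secret from env: $secretName > /run/secrets/$secret";
    # … unchanged: DOCKER_OPT_PARAMS append …
done;
```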
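Review bot: `echo "adding secret $secret: ${!secretName}"` in doc/secretadd.sh prints the secret value itself, and since the README change describes the environment route as the one used for ci-builds, that value would end up in the build log; log the name only, `echo "adding secret $secret";`. The line `secretsEnv = $(...)` is not an assignment in bash because of the spaces around `=`: the shell tries to run a command named `secretsEnv` with the rest as arguments. The loop never reads that variable, so the line can simply be dropped.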