oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Support custom paths for secret files in docker-entrypoint.sh (#10344)

Browse Source
master
unlimitedbits 4 years ago committed by GitHub
parent 92cd1eed45
commit cd380251b3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 6 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 22
      dockerscripts/docker-entrypoint.sh
  2. 5
      docs/docker/README.md

22
dockerscripts/docker-entrypoint.sh
Unescape View File

@ -22,10 +22,18 @@ if [ "${1}" != "minio" ]; then
fi fi
fi fi
## Look for docker secrets in default documented location. ## Look for docker secrets at given absolute path or in default documented location.
docker_secrets_env() { docker_secrets_env() {
ACCESS_KEY_FILE="/run/secrets/$MINIO_ACCESS_KEY_FILE" if [ -f "$MINIO_ACCESS_KEY_FILE" ]; then
SECRET_KEY_FILE="/run/secrets/$MINIO_SECRET_KEY_FILE" ACCESS_KEY_FILE="$MINIO_ACCESS_KEY_FILE"
else
ACCESS_KEY_FILE="/run/secrets/$MINIO_ACCESS_KEY_FILE"
fi
if [ -f "$MINIO_SECRET_KEY_FILE" ]; then
SECRET_KEY_FILE="$MINIO_SECRET_KEY_FILE"
else
SECRET_KEY_FILE="/run/secrets/$MINIO_SECRET_KEY_FILE"
fi
if [ -f "$ACCESS_KEY_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then if [ -f "$ACCESS_KEY_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then
if [ -f "$ACCESS_KEY_FILE" ]; then if [ -f "$ACCESS_KEY_FILE" ]; then
@ -41,12 +49,15 @@ docker_secrets_env() {
## Set KMS_MASTER_KEY from docker secrets if provided ## Set KMS_MASTER_KEY from docker secrets if provided
docker_kms_encryption_env() { docker_kms_encryption_env() {
KMS_MASTER_KEY_FILE="/run/secrets/$MINIO_KMS_MASTER_KEY_FILE" if [ -f "$MINIO_KMS_MASTER_KEY_FILE" ]; then
KMS_MASTER_KEY_FILE="$MINIO_KMS_MASTER_KEY_FILE"
else
KMS_MASTER_KEY_FILE="/run/secrets/$MINIO_KMS_MASTER_KEY_FILE"
fi
if [ -f "$KMS_MASTER_KEY_FILE" ]; then if [ -f "$KMS_MASTER_KEY_FILE" ]; then
MINIO_KMS_MASTER_KEY="$(cat "$KMS_MASTER_KEY_FILE")" MINIO_KMS_MASTER_KEY="$(cat "$KMS_MASTER_KEY_FILE")"
export MINIO_KMS_MASTER_KEY export MINIO_KMS_MASTER_KEY
fi fi
} }
@ -58,7 +69,6 @@ docker_sse_encryption_env() {
if [ -f "$SSE_MASTER_KEY_FILE" ]; then if [ -f "$SSE_MASTER_KEY_FILE" ]; then
MINIO_SSE_MASTER_KEY="$(cat "$SSE_MASTER_KEY_FILE")" MINIO_SSE_MASTER_KEY="$(cat "$SSE_MASTER_KEY_FILE")"
export MINIO_SSE_MASTER_KEY export MINIO_SSE_MASTER_KEY
fi fi
} }

5
docs/docker/README.md
Unescape View File

@ -121,6 +121,11 @@ docker service create --name="minio-service" \
--env="MINIO_SECRET_KEY_FILE=my_secret_key" \ --env="MINIO_SECRET_KEY_FILE=my_secret_key" \
minio/minio server /data minio/minio server /data
``` ```
`MINIO_ACCESS_KEY_FILE` and `MINIO_SECRET_KEY_FILE` also support custom absolute paths, in case Docker secrets are mounted to custom locations or other tools are used to mount secrets into the container. For example, HashiCorp Vault injects secrets to `/vault/secrets`. With the custom names above, set the environment variables to
```
MINIO_ACCESS_KEY_FILE=/vault/secrets/my_access_key
MINIO_SECRET_KEY_FILE=/vault/secrets/my_secret_key
```
### Retrieving Container ID ### Retrieving Container ID
To use Docker commands on a specific container, you need to know the `Container ID` for that container. To get the `Container ID`, run To use Docker commands on a specific container, you need to know the `Container ID` for that container. To get the `Container ID`, run

Write Preview
Loading…
Cancel
Save