First Commit of using docker secrets

Using docker secrets if present to populate the sensitive environment variables whose values we do not want in clear text in the repo amend: fixed typo

First Commit of using docker secrets
81f86e35 · Philippe Grassia · 7c16ed91 · 81f86e35
Commit 81f86e35 authored 5 years ago by Philippe Grassia
--- a/docker/entrypoint
+++ b/docker/entrypoint
 #!/bin/bash
+## PGA: 2019-10-15: use certs from secrets for Shibboleth SP
+SHIB_SP_CERT=/run/secrets/gracedb_ligo_org_saml_cert
+SHIB_SP_KEY=/run/secrets/gracedb_ligo_org_saml_privkey
+if [ -f $SHIB_SP_CERT && -f $SHIB_SP_KEY ]
+then
+	echo "Using Shibboleth Cert from docker secrets over the image one"
+	cp -f $SHIB_SP_CERT /etc/shibboleth/sp-cert.pem
+	cp -f $SHIB_SP_KEY /etc/shibboleth/sp-key.pem
+	chown _shibd:_shibd /etc/shibboleth/sp-{cert,key}.pem
+	chmod 0600 /etc/shibboleth/sp-key.pem
+fi
+## PGA 2019-10-16: use secrets for sensitive environment variables
+LIST="aws_ses_access_key_id
+  aws_ses_secret_access_key
+  django_db_password
+  django_secret_key
+  django_twilio_account_sid
+  django_twilio_auth_token
+  lvalert_password"
+for SECRET in $LIST
+do
+	VARNAME=$( tr [:lower:] [:upper:] <<<$SECRET)
+	[  -f run/secrets/$SECRET ] && export $VARNAME=\$(< /run/secrets/$SECRET)
+done
 export LVALERT_OVERSEER_RESOURCE=${LVALERT_USER}_overseer_$(python  -c 'import uuid; print(uuid.uuid4().hex)')
 exec "$@"