From 3b1aa403721f14b3b79c4b742648672b452cae94 Mon Sep 17 00:00:00 2001
From: Harshavardhana <harsha@minio.io>
Date: Thu, 15 Aug 2024 04:46:39 -0700
Subject: [PATCH] support relative paths for KMS_SECRET_KEY_FILE (#20264)

fixes #20251
---
 internal/kms/config.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/internal/kms/config.go b/internal/kms/config.go
index 2a50ca3b7..7d5952764 100644
--- a/internal/kms/config.go
+++ b/internal/kms/config.go
@@ -26,6 +26,7 @@ import (
 	"errors"
 	"fmt"
 	"os"
+	"path/filepath"
 	"strings"
 	"sync/atomic"
 	"syscall"
@@ -254,6 +255,13 @@ func Connect(ctx context.Context, opts *ConnectionOptions) (*KMS, error) {
 		var s string
 		if lookup(EnvKMSSecretKeyFile) {
 			b, err := os.ReadFile(env.Get(EnvKMSSecretKeyFile, ""))
+			if err != nil && !os.IsNotExist(err) {
+				return nil, err
+			}
+			if os.IsNotExist(err) {
+				// Relative path where "/run/secrets" is the default docker path for secrets
+				b, err = os.ReadFile(filepath.Join("/run/secrets", env.Get(EnvKMSSecretKeyFile, "")))
+			}
 			if err != nil {
 				return nil, err
 			}