MyFavMirrors
/
minio
mirror of https://github.com/minio/minio.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Support custom paths for secret files in docker-entrypoint.sh (#10344)

This commit is contained in:
unlimitedbits 2020-08-28 23:04:29 +02:00 committed by GitHub
parent 92cd1eed45
commit cd380251b3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
dockerscripts/docker-entrypoint.sh
View File

@ -22,10 +22,18 @@ if [ "${1}" != "minio" ]; then
fi
fi
## Look for docker secrets in default documented location.
## Look for docker secrets at given absolute path or in default documented location.
docker_secrets_env() {
if [ -f "$MINIO_ACCESS_KEY_FILE" ]; then
ACCESS_KEY_FILE="$MINIO_ACCESS_KEY_FILE"
else
ACCESS_KEY_FILE="/run/secrets/$MINIO_ACCESS_KEY_FILE"
fi
if [ -f "$MINIO_SECRET_KEY_FILE" ]; then
SECRET_KEY_FILE="$MINIO_SECRET_KEY_FILE"
else
SECRET_KEY_FILE="/run/secrets/$MINIO_SECRET_KEY_FILE"
fi
if [ -f "$ACCESS_KEY_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then
if [ -f "$ACCESS_KEY_FILE" ]; then
@ -41,12 +49,15 @@ docker_secrets_env() {
## Set KMS_MASTER_KEY from docker secrets if provided
docker_kms_encryption_env() {
if [ -f "$MINIO_KMS_MASTER_KEY_FILE" ]; then
KMS_MASTER_KEY_FILE="$MINIO_KMS_MASTER_KEY_FILE"
else
KMS_MASTER_KEY_FILE="/run/secrets/$MINIO_KMS_MASTER_KEY_FILE"
fi
if [ -f "$KMS_MASTER_KEY_FILE" ]; then
MINIO_KMS_MASTER_KEY="$(cat "$KMS_MASTER_KEY_FILE")"
export MINIO_KMS_MASTER_KEY
fi
}
@ -58,7 +69,6 @@ docker_sse_encryption_env() {
if [ -f "$SSE_MASTER_KEY_FILE" ]; then
MINIO_SSE_MASTER_KEY="$(cat "$SSE_MASTER_KEY_FILE")"
export MINIO_SSE_MASTER_KEY
fi
}

5
docs/docker/README.md
View File

@ -121,6 +121,11 @@ docker service create --name="minio-service" \
--env="MINIO_SECRET_KEY_FILE=my_secret_key" \
minio/minio server /data
```
`MINIO_ACCESS_KEY_FILE` and `MINIO_SECRET_KEY_FILE` also support custom absolute paths, in case Docker secrets are mounted to custom locations or other tools are used to mount secrets into the container. For example, HashiCorp Vault injects secrets to `/vault/secrets`. With the custom names above, set the environment variables to
```
MINIO_ACCESS_KEY_FILE=/vault/secrets/my_access_key
MINIO_SECRET_KEY_FILE=/vault/secrets/my_secret_key
```
### Retrieving Container ID
To use Docker commands on a specific container, you need to know the `Container ID` for that container. To get the `Container ID`, run