Drone

Can drone/drone image support _FILE for env var secrets

Hey,

Firstly, thanks for the wonderful software!

I am using Docker Swarm to deploy Drone. Swarm forces users to inject secrets as files on the file system, into /run/secrets/mycoolsecret, for example, and then some image publishers support a _FILE postfix for their environment variables so as to support Swarm users.

See how MariaDB handles this:

https://github.com/docker-library/docs/blob/master/mariadb/README.md#docker-secrets

So, concretely, for Drone, I’d like to see the following available:

  • DRONE_GITEA_CLIENT_SECRET -> DRONE_GITEA_CLIENT_SECRET_FILE
  • DRONE_RPC_SECRET -> DRONE_RPC_SECRET_FILE

So that I can do something like:

  drone:
    image: "drone/drone:1.8.0"
    volumes:
      - "data:/data"
    environment:
      - DRONE_GITEA_CLIENT_SECRET_FILE=/run/secrets/gitea_client_secret

I’ve raised this issue also recently for the invoiceninja image:

https://github.com/invoiceninja/dockerfiles/issues/149

Best,

Luke

You can store secrets in a file and load using the method described here:

1 Like

Also, some more background: we use a library to read environment files into Go structures. I formally requested that they support the _FILE convention; however, they did not seem interested. It would certainly help if people voted on / commented on the issue to try and convince them:

1 Like

Thanks! Commented on the issue :+1: