entrypoint: Map all zulip__ secrets to zulip-secrets.conf.

Author: alexmv

compose.yaml

@@ -120,12 +120,6 @@ services:
       SETTING_MEMCACHED_LOCATION: "memcached:11211"
       SETTING_RABBITMQ_HOST: "rabbitmq"
       SETTING_REDIS_HOST: "redis"
-      SECRETS_postgres_password_FILE: /run/secrets/zulip__postgres_password
-      SECRETS_memcached_password_FILE: /run/secrets/zulip__memcached_password
-      SECRETS_rabbitmq_password_FILE: /run/secrets/zulip__rabbitmq_password
-      SECRETS_redis_password_FILE: /run/secrets/zulip__redis_password
-      SECRETS_secret_key_FILE: /run/secrets/zulip__secret_key
-      SECRETS_email_password_FILE: /run/secrets/zulip__email_password
       SETTING_EXTERNAL_HOST: "localhost.localdomain"
       SETTING_ZULIP_ADMINISTRATOR: "admin@example.com"
       SETTING_EMAIL_HOST: "" # e.g. smtp.example.com

entrypoint.sh

@@ -289,6 +289,24 @@ secretsConfiguration() {
         echo "Setting $SECRET_KEY from environment variable $key"
         crudini --set "$DATA_DIR/zulip-secrets.conf" "secrets" "${SECRET_KEY}" "${SECRET_VAR}"
     done
+    # Secrets detected in /run/secrets/ override those via env vars
+    shopt -s nullglob
+    local secrets_path
+    for secrets_path in /run/secrets/zulip__*; do
+        local secrets_filename
+        secrets_filename="$(basename "$secrets_path")"
+        local SECRET_KEY="${secrets_filename#zulip__}"
+        local SECRET_VAR
+        SECRET_VAR="$(cat "$secrets_path")"
+        if [ -z "$SECRET_VAR" ]; then
+            echo "Empty secret for key \"$SECRET_KEY\"."
+        elif [[ "$SECRET_VAR" =~ $'\n' ]]; then
+            echo "ERROR: Secret \"$SECRET_KEY\" contains a newline!"
+            exit 1
+        fi
+        echo "Setting $SECRET_KEY from secret in $secrets_path"
+        crudini --set "$DATA_DIR/zulip-secrets.conf" "secrets" "${SECRET_KEY}" "${SECRET_VAR}"
+    done
     echo "Zulip secrets configuration succeeded."
 }
 databaseConfiguration() {