hasura/graphql-engine

Add support for Docker Secrets by reading secrets files

Open

#3.989 aberto em 2 de mar. de 2020

Ver no GitHub
 (19 comments) (27 reactions) (1 assignee)TypeScript (2.787 forks)batch import
a/securityc/serverhelp wantedk/enhancement

Métricas do repositório

Stars
 (31.371 stars)
Métricas de merge de PR
 (Nenhuma PRs mesclada em 30d)

Description

Currently, the only way to pass secrets (DB credentials, Hasura admin secret) to Hasura is only by environment variables. For users of Docker Compose or Docker Swarm, this means these secrets have to be stored in plaintext, which presents security risks.

It would be great to build support for Docker Secrets (or even Vault), by adding the following environment variables, as recommended by Docker:

  • HASURA_GRAPHQL_ACCESS_KEY_FILE
  • HASURA_GRAPHQL_DATABASE_URL_FILE

If these variables are present, the access key and DB URL should be read from the corresponding files.

Docs: https://docs.docker.com/engine/swarm/secrets/#build-support-for-docker-secrets-into-your-images

Guia do colaborador