bootstrap encryption key

2021-12-02 16:42:14 +13:00
parent ecfa1e4f19
commit 24646594b6
5 changed files with 24 additions and 0 deletions
--- a/api/cli/cli.go
+++ b/api/cli/cli.go
@@ -56,6 +56,7 @@ func (*Service) ParseFlags(version string) (*portainer.CLIFlags, error) {
 		Logo:                      kingpin.Flag("logo", "URL for the logo displayed in the UI").String(),
 		Templates:                 kingpin.Flag("templates", "URL to the templates definitions.").Short('t').String(),
 		BaseURL:                   kingpin.Flag("base-url", "Base URL parameter such as portainer if running portainer as http://yourdomain.com/portainer/.").Short('b').Default(defaultBaseURL).String(),
+		SecretKeyName:             kingpin.Flag("secret-key-name", "Secret key name for encryption").Default(defaultSecretKeyName).String(),
 	}

 	kingpin.Parse()
--- a/api/cli/defaults.go
+++ b/api/cli/defaults.go
@@ -21,4 +21,5 @@ const (
 	defaultSSLKeyPath          = "/certs/portainer.key"
 	defaultSnapshotInterval    = "5m"
 	defaultBaseURL             = "/"
+	defaultSecretKeyName       = "portainer"
 )
--- a/api/cli/defaults_windows.go
+++ b/api/cli/defaults_windows.go
@@ -18,4 +18,5 @@ const (
 	defaultSSLKeyPath          = "C:\\certs\\portainer.key"
 	defaultSnapshotInterval    = "5m"
 	defaultBaseURL             = "/"
+	defaultSecretKeyName       = "portainer"
 )
--- a/api/cmd/portainer/main.go
+++ b/api/cmd/portainer/main.go
@@ -487,10 +487,30 @@ func initEndpoint(flags *portainer.CLIFlags, dataStore dataservices.DataStore, s
 	return createUnsecuredEndpoint(*flags.EndpointURL, dataStore, snapshotService)
 }

+func initSecretKey(fileName string) string {
+	ok, _ := filesystem.FileExists("/run/secrets/" + fileName)
+	if !ok {
+		log.Println(fmt.Sprintf("encryption secret file `%s` does not exists", fileName))
+		return ""
+	}
+
+	content, err := os.ReadFile("/run/secrets/" + fileName)
+	if err != nil {
+		log.Println(fmt.Sprintf("error reading encryption key file: %s", err.Error()))
+		return ""
+	}
+
+	return string(content)
+}
+
 func buildServer(flags *portainer.CLIFlags) portainer.Server {
 	shutdownCtx, shutdownTrigger := context.WithCancel(context.Background())

 	fileService := initFileService(*flags.Data)
+	encryptionKey := initSecretKey(*flags.SecretKeyName)
+	if encryptionKey == "" {
+		log.Println("proceeding without encryption key")
+	}

 	dataStore := initDataStore(flags, fileService, shutdownCtx)

--- a/api/portainer.go
+++ b/api/portainer.go
@@ -96,6 +96,7 @@ type (
 		Rollback                  *bool
 		SnapshotInterval          *string
 		BaseURL                   *string
+		SecretKeyName             *string
 	}

 	// CustomTemplate represents a custom template