Use docker secrets

2025-12-10 15:02:42 +01:00 · 2024-10-29 19:17:44 +01:00
parent 1191b6120e
commit abcb0d0fe3
2 changed files with 66 additions and 13 deletions
--- a/src/wp-utils/wp-generate-salts
+++ b/src/wp-utils/wp-generate-salts
@@ -1,13 +1,22 @@
 #!/usr/bin/env bash

 main() {
+    local secretsDir="${DOCKER_SECRETS_DIR:-./.secrets}"
    local keys=("AUTH_KEY" "SECURE_AUTH_KEY" "LOGGED_IN_KEY" "NONCE_KEY" "AUTH_SALT" "SECURE_AUTH_SALT" "LOGGED_IN_SALT" "NONCE_SALT")
-    local key
-    local value
+
+    mkdir -p "${secretsDir}"

    for key in "${keys[@]}"; do
        value="$(src/wp-utils/wp-generate-salt 64)"
-        echo "WORDPRESS_${key}='${value}'"
+        secretName="wordpress_${key,,}"
+        secretFile="${secretsDir}/${secretName}"
+
+        if [ -f "${secretFile}" ]; then
+            printf "Warning: Secret %s already exists and will be overwritten\n" "${secretName}"
+        fi
+
+        printf "Secret %s: Wrote %d bytes to %s\n" "${secretName}" "${#value}" "${secretFile}"
+        printf "%s" "${value}" > "${secretFile}"
    done
 }