Add DB_URL_FILE and DB_PASSWORD_FILE (#629)

This allows passing sensitive DB passwords through files instead of environment variables. This makes collector work better with [systemd credentials](https://systemd.io/CREDENTIALS/) and NixOS flakes. Fixes #540 --------- Co-authored-by: Philip Munksgaard <[email protected]>
pganalyze · Nov 12, 2024 · c8032bb · c8032bb
1 parent 573d357
commit c8032bb
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/config/config.go b/config/config.go
@@ -47,9 +47,11 @@ type ServerConfig struct {
 	EnableLogExplain bool `ini:"enable_log_explain"`
 
 	DbURL                 string `ini:"db_url"`
+	DbURLFile             string `ini:"db_url_file"`
 	DbName                string `ini:"db_name"`
 	DbUsername            string `ini:"db_username"`
 	DbPassword            string `ini:"db_password"`
+	DbPasswordFile        string `ini:"db_password_file"`
 	DbHost                string `ini:"db_host"`
 	DbPort                int    `ini:"db_port"`
 	DbSslMode             string `ini:"db_sslmode"`

diff --git a/config/read.go b/config/read.go
@@ -101,6 +101,9 @@ func getDefaultConfig() *ServerConfig {
 	if dbURL := os.Getenv("DB_URL"); dbURL != "" {
 		config.DbURL = dbURL
 	}
+	if dbURLFile := os.Getenv("DB_URL_FILE"); dbURLFile != "" {
+		config.DbURLFile = dbURLFile
+	}
 	if dbName := os.Getenv("DB_NAME"); dbName != "" {
 		config.DbName = dbName
 	}
@@ -113,6 +116,9 @@ func getDefaultConfig() *ServerConfig {
 	if dbPassword := os.Getenv("DB_PASSWORD"); dbPassword != "" {
 		config.DbPassword = dbPassword
 	}
+	if dbPasswordFile := os.Getenv("DB_PASSWORD_FILE"); dbPasswordFile != "" {
+		config.DbPasswordFile = dbPasswordFile
+	}
 	if dbHost := os.Getenv("DB_HOST"); dbHost != "" {
 		config.DbHost = dbHost
 	}
@@ -625,6 +631,26 @@ func preprocessConfig(config *ServerConfig) (*ServerConfig, error) {
 		config.DbExtraNames = dbNameParts[1:]
 	}
 
+	if config.DbURL == "" && config.DbURLFile != "" {
+		dbURL, err := os.ReadFile(config.DbURLFile)
+
+		if err != nil {
+			return config, err
+		}
+
+		config.DbURL = strings.TrimSpace(string(dbURL))
+	}
+
+	if config.DbPassword == "" && config.DbPasswordFile != "" {
+		dbPassword, err := os.ReadFile(config.DbPasswordFile)
+
+		if err != nil {
+			return config, err
+		}
+
+		config.DbPassword = strings.TrimSpace(string(dbPassword))
+	}
+
 	if config.DbSslRootCertContents != "" {
 		config.DbSslRootCert, err = writeValueToTempfile(config.DbSslRootCertContents)
 		if err != nil {