From c8032bb26b80fc27912df9c2a95114a6addf1179 Mon Sep 17 00:00:00 2001
From: Maciek Sakrejda
Date: Tue, 12 Nov 2024 15:56:36 -0800
Subject: [PATCH] Add DB_URL_FILE and DB_PASSWORD_FILE (#629)
This allows passing sensitive DB passwords through files instead of environment variables. This makes collector work better with [systemd credentials](https://systemd.io/CREDENTIALS/) and NixOS flakes.
Fixes #540
---------
Co-authored-by: Philip Munksgaard
---
 config/config.go | 2 ++
 config/read.go | 26 ++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)
diff --git a/config/config.go b/config/config.go
index 4180c88dc..8d51dccef 100644
--- a/config/config.go
+++ b/config/config.go
@@ -47,9 +47,11 @@ type ServerConfig struct {
 EnableLogExplain bool `ini:"enable_log_explain"`
 DbURL string `ini:"db_url"`
+ DbURLFile string `ini:"db_url_file"`
 DbName string `ini:"db_name"`
 DbUsername string `ini:"db_username"`
 DbPassword string `ini:"db_password"`
+ DbPasswordFile string `ini:"db_password_file"`
 DbHost string `ini:"db_host"`
 DbPort int `ini:"db_port"`
 DbSslMode string `ini:"db_sslmode"`
diff --git a/config/read.go b/config/read.go
index 65d272baf..cc3a75ad2 100644
--- a/config/read.go
+++ b/config/read.go
@@ -101,6 +101,9 @@ func getDefaultConfig() *ServerConfig {
 if dbURL := os.Getenv("DB_URL"); dbURL != "" {
 config.DbURL = dbURL
 }
+ if dbURLFile := os.Getenv("DB_URL_FILE"); dbURLFile != "" {
+ config.DbURLFile = dbURLFile
+ }
 if dbName := os.Getenv("DB_NAME"); dbName != "" {
 config.DbName = dbName
 }
@@ -113,6 +116,9 @@ func getDefaultConfig() *ServerConfig {
 if dbPassword := os.Getenv("DB_PASSWORD"); dbPassword != "" {
 config.DbPassword = dbPassword
 }
+ if dbPasswordFile := os.Getenv("DB_PASSWORD_FILE"); dbPasswordFile != "" {
+ config.DbPasswordFile = dbPasswordFile
+ }
 if dbHost := os.Getenv("DB_HOST"); dbHost != "" {
 config.DbHost = dbHost
 }
@@ -625,6 +631,26 @@ func preprocessConfig(config *ServerConfig) (*ServerConfig, error) {
 config.DbExtraNames = dbNameParts[1:]
 }
+ if config.DbURL == "" && config.DbURLFile != "" {
+ dbURL, err := os.ReadFile(config.DbURLFile)
+
+ if err != nil {
+ return config, err
+ }
+
+ config.DbURL = strings.TrimSpace(string(dbURL))
+ }
+
+ if config.DbPassword == "" && config.DbPasswordFile != "" {
+ dbPassword, err := os.ReadFile(config.DbPasswordFile)
+
+ if err != nil {
+ return config, err
+ }
+
+ config.DbPassword = strings.TrimSpace(string(dbPassword))
+ }
+
 if config.DbSslRootCertContents != "" {
 config.DbSslRootCert, err = writeValueToTempfile(config.DbSslRootCertContents)
 if err != nil {
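Review bot: When both `db_password` and `db_password_file` (or `db_url` and `db_url_file`) are set, the two new `if` blocks skip the file without any message, so an operator who moves the secret into a file but leaves `DB_PASSWORD` set keeps connecting with the old value and keeps the secret in the process environment. Consider rejecting that combination, or at least logging which source won. The read errors are returned bare; `return config, fmt.Errorf("reading db_password_file: %w", err)` would name the setting that failed (assuming `fmt` is already imported in read.go, which the hunk does not show). `strings.TrimSpace` also alters a password that legitimately begins or ends with whitespace, whereas `strings.TrimRight(string(dbPassword), "\r\n")` drops only the trailing newline. The body of preprocessConfig starts and ends outside the hunk.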