From 7877e0d205544b7fd92670687c9ec29598cefa3c Mon Sep 17 00:00:00 2001
From: kitingChris
Date: Mon, 10 Apr 2023 03:12:49 +0200
Subject: [PATCH 1/2] adding support for docker secrets

Reads the requirepass password from a docker secrets file
---
 docker-entrypoint.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 30406a51..8d000887 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -7,6 +7,14 @@ if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
 set -- redis-server "$@"
 fi
 
+# if secret REDIS_PASSWORD exists or REDIS_PASSWORD_FILE is set use content for requirepass
+if [ "$1" = 'redis-server' -a -s "${REDIS_PASSWORD_FILE:=/run/secrets/REDIS_PASSWORD}" ]; then
+ if ! printf '%s\n' "$@" | grep -Fqe "--requirepass"; then
+ REDIS_PASSWORD=$(cat "${REDIS_PASSWORD_FILE}")
+ set -- "$@" --requirepass "${REDIS_PASSWORD}"
+ fi
+fi
+
 # allow the container to be started with `--user`
 if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
 find . \! -user redis -exec chown redis '{}' +

From f5f107dae5944e514a8179f4b1a7cd0338b094ab Mon Sep 17 00:00:00 2001
From: kitingChris
Date: Mon, 10 Apr 2023 03:18:23 +0200
Subject: [PATCH 2/2] updated Readme.md for secrets usage

---
 README.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/README.md b/README.md
index b3dea943..fb669940 100644
--- a/README.md
+++ b/README.md
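Review bot: The line `set -- "$@" --requirepass "${REDIS_PASSWORD}"` moves the secret from a mounted file onto the server's command line, where it is presumably visible in the process list and `/proc/PID/cmdline` once the script hands `"$@"` to redis (that part of the script is outside this hunk); supplying it through a config file readable only by the redis user would keep it out of argv. The outer test also fails open: when REDIS_PASSWORD_FILE is set explicitly but the file is missing or empty, `-s` is false and the server starts without a password and without a message. A guard placed ahead of the `:=` default would make that case fail closed, for example `[ -z "${REDIS_PASSWORD_FILE:-}" ] || [ -s "$REDIS_PASSWORD_FILE" ] || { echo >&2 "error: REDIS_PASSWORD_FILE is set but missing or empty"; exit 1; }`. Separately, `grep -Fqe "--requirepass"` matches the string anywhere inside any argument, so an exact-argument comparison would be more precise.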
@@ -12,6 +12,25 @@ For more information about the full official images change lifecycle, see [the "
 
 For outstanding `redis` image PRs, check [PRs with the "library/redis" label on the official-images repository](https://github.com/docker-library/official-images/labels/library%2Fredis). For the current "source of truth" for [`redis`](https://hub.docker.com/_/redis/), see [the `library/redis` file in the official-images repository](https://github.com/docker-library/official-images/blob/master/library/redis).
 
+## Docker secrets
+To pass the value for `--requirepass` password in a secure way docker secrets can be used.
+
+```
+version: '3'
+services:
+ redis:
+ image: redis:alpine
+ environment:
+ - REDIS_PASSWORD_FILE=/run/secrets/REDIS_PASSWORD
+ secrets:
+ - REDIS_PASSWORD
+
+secrets:
+ REDIS_PASSWORD:
+ file: ./.secrets/REDIS_PASSWORD
+```
+Default for REDIS_PASSWORD_FILE is already `/run/secrets/REDIS_PASSWORD`. It is therefore here optional if the secret is named `REDIS_PASSWORD`
+
 ---
 
 - [![build status badge](https://img.shields.io/github/actions/workflow/status/docker-library/redis/ci.yml?branch=master&label=GitHub%20CI)](https://github.com/docker-library/redis/actions?query=workflow%3A%22GitHub+CI%22+branch%3Amaster)