diff --git a/CHANGELOG.md b/CHANGELOG.md
index d70ef5833..ad3c7b087 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -24,7 +24,8 @@ and this project adheres to
 - ✅(frontend) Improve tests coverage
 - ⬆️(docker) upgrade backend image to python 3.13 #973
 - ⬆️(docker) upgrade node images to alpine 3.21
-
+- ✨(backend) support `_FILE` environment variables for secrets #912
+- ✨(frontend) support `_FILE` environment variables for secrets #912
 ### Removed
diff --git a/src/backend/impress/settings.py b/src/backend/impress/settings.py
index 571d7052d..23c75a984 100755
--- a/src/backend/impress/settings.py
+++ b/src/backend/impress/settings.py
@@ -18,6 +18,7 @@
 import sentry_sdk
 from configurations import Configuration, values
+from lasuite.configuration.values import SecretFileValue
 from sentry_sdk.integrations.django import DjangoIntegration
 from sentry_sdk.integrations.logging import ignore_logger
@@ -65,7 +66,7 @@ class Base(Configuration):
 # Security
 ALLOWED_HOSTS = values.ListValue([])
- SECRET_KEY = values.Value(None)
+ SECRET_KEY = SecretFileValue(None)
 SERVER_TO_SERVER_API_TOKENS = values.ListValue([])
 # Application definition
@@ -84,7 +85,7 @@ class Base(Configuration):
 "impress", environ_name="DB_NAME", environ_prefix=None
 ),
 "USER": values.Value("dinum", environ_name="DB_USER", environ_prefix=None),
- "PASSWORD": values.Value(
+ "PASSWORD": SecretFileValue(
 "pass", environ_name="DB_PASSWORD", environ_prefix=None
 ),
 "HOST": values.Value(
@@ -122,10 +123,10 @@ class Base(Configuration):
 AWS_S3_ENDPOINT_URL = values.Value(
 environ_name="AWS_S3_ENDPOINT_URL", environ_prefix=None
 )
- AWS_S3_ACCESS_KEY_ID = values.Value(
+ AWS_S3_ACCESS_KEY_ID = SecretFileValue(
 environ_name="AWS_S3_ACCESS_KEY_ID", environ_prefix=None
 )
- AWS_S3_SECRET_ACCESS_KEY = values.Value(
+ AWS_S3_SECRET_ACCESS_KEY = SecretFileValue(
 environ_name="AWS_S3_SECRET_ACCESS_KEY", environ_prefix=None
 )
 AWS_S3_REGION_NAME = values.Value(
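Review bot: In the `@@ -65,7 +66,7 @@` hunk, `SERVER_TO_SERVER_API_TOKENS` on the context line directly below `SECRET_KEY` also holds credentials, yet it stays a plain `values.ListValue([])` and can still only be supplied through the process environment. Whether `SecretFileValue` can parse a list is not visible in this diff, so this setting may need a list-aware variant rather than a one-word swap. Until then I would record the gap next to it, e.g. `# NOTE: these tokens are secrets but have no _FILE variant yet`. The class body continues outside the hunk.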
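Review bot: In the `@@ -84,7 +85,7 @@` hunk the `"PASSWORD"` entry keeps the literal default `"pass"`, so a deployment that sets neither `DB_PASSWORD` nor its `_FILE` counterpart still starts and connects with a known password instead of failing. The AWS key settings converted in the `@@ -122,10 +123,10 @@` hunk carry no default; I would do the same here, `"PASSWORD": SecretFileValue(environ_name="DB_PASSWORD", environ_prefix=None),`, or override the default in the production configuration class if development relies on it. The enclosing dict starts and ends outside the hunk.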
@@ -384,7 +385,7 @@ class Base(Configuration):
 EMAIL_BRAND_NAME = values.Value(None)
 EMAIL_HOST = values.Value(None)
 EMAIL_HOST_USER = values.Value(None)
- EMAIL_HOST_PASSWORD = values.Value(None)
+ EMAIL_HOST_PASSWORD = SecretFileValue(None)
 EMAIL_LOGO_IMG = values.Value(None)
 EMAIL_PORT = values.PositiveIntegerValue(None)
 EMAIL_USE_TLS = values.BooleanValue(False)
@@ -407,7 +408,7 @@ class Base(Configuration):
 COLLABORATION_API_URL = values.Value(
 None, environ_name="COLLABORATION_API_URL", environ_prefix=None
 )
- COLLABORATION_SERVER_SECRET = values.Value(
+ COLLABORATION_SERVER_SECRET = SecretFileValue(
 None, environ_name="COLLABORATION_SERVER_SECRET", environ_prefix=None
 )
 COLLABORATION_WS_URL = values.Value(
@@ -477,7 +478,7 @@ class Base(Configuration):
 OIDC_RP_CLIENT_ID = values.Value(
 "impress", environ_name="OIDC_RP_CLIENT_ID", environ_prefix=None
 )
- OIDC_RP_CLIENT_SECRET = values.Value(
+ OIDC_RP_CLIENT_SECRET = SecretFileValue(
 None,
 environ_name="OIDC_RP_CLIENT_SECRET",
 environ_prefix=None,
@@ -592,7 +593,7 @@ class Base(Configuration):
 AI_FEATURE_ENABLED = values.BooleanValue(
 default=False, environ_name="AI_FEATURE_ENABLED", environ_prefix=None
 )
- AI_API_KEY = values.Value(None, environ_name="AI_API_KEY", environ_prefix=None)
+ AI_API_KEY = SecretFileValue(None, environ_name="AI_API_KEY", environ_prefix=None)
 AI_BASE_URL = values.Value(None, environ_name="AI_BASE_URL", environ_prefix=None)
 AI_MODEL = values.Value(None, environ_name="AI_MODEL", environ_prefix=None)
 AI_ALLOW_REACH_FROM = values.Value(
@@ -613,7 +614,7 @@ class Base(Configuration):
 }
 # Y provider microservice
- Y_PROVIDER_API_KEY = values.Value(
+ Y_PROVIDER_API_KEY = SecretFileValue(
 environ_name="Y_PROVIDER_API_KEY",
 environ_prefix=None,
 )
diff --git a/src/backend/pyproject.toml b/src/backend/pyproject.toml
index c4f88170e..c34bfe230 100644
--- a/src/backend/pyproject.toml
+++ b/src/backend/pyproject.toml
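Review bot: `COLLABORATION_SERVER_SECRET` in the `@@ -407,7 +408,7 @@` hunk and `Y_PROVIDER_API_KEY` in the `@@ -613,7 +614,7 @@` hunk are the same two secrets that `src/frontend/servers/y-provider/src/env.ts` resolves in this commit, where the `_FILE` variable wins over the plain one and the file content is used unmodified. Both services have to end up with identical bytes, and this diff does not show which precedence `SecretFileValue` applies or whether it strips a trailing newline, so that should be confirmed against the library before merging. A comment above each setting would record the coupling, e.g. `# Must resolve to the same value as COLLABORATION_SERVER_SECRET(_FILE) in the y-provider server`.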
@@ -33,7 +33,7 @@ dependencies = [
 "django-cors-headers==4.7.0",
 "django-countries==7.6.1",
 "django-filter==25.1",
- "django-lasuite[all]==0.0.8",
+ "django-lasuite[all]==0.0.9",
 "django-parler==2.3",
 "django-redis==5.4.0",
 "django-storages[s3]==1.14.6",
diff --git a/src/frontend/servers/y-provider/src/env.ts b/src/frontend/servers/y-provider/src/env.ts
index fe281930d..e0e02cf5a 100644
--- a/src/frontend/servers/y-provider/src/env.ts
+++ b/src/frontend/servers/y-provider/src/env.ts
@@ -1,11 +1,16 @@
+import { readFileSync } from 'fs';
+
 export const COLLABORATION_LOGGING =
 process.env.COLLABORATION_LOGGING || 'false';
 export const COLLABORATION_SERVER_ORIGIN =
 process.env.COLLABORATION_SERVER_ORIGIN || 'http://localhost:3000';
-export const COLLABORATION_SERVER_SECRET =
- process.env.COLLABORATION_SERVER_SECRET || 'secret-api-key';
-export const Y_PROVIDER_API_KEY =
- process.env.Y_PROVIDER_API_KEY || 'yprovider-api-key';
+export const COLLABORATION_SERVER_SECRET = process.env
+ .COLLABORATION_SERVER_SECRET_FILE
+ ? readFileSync(process.env.COLLABORATION_SERVER_SECRET_FILE, 'utf-8')
+ : process.env.COLLABORATION_SERVER_SECRET || 'secret-api-key';
+export const Y_PROVIDER_API_KEY = process.env.Y_PROVIDER_API_KEY_FILE
+ ? readFileSync(process.env.Y_PROVIDER_API_KEY_FILE, 'utf-8')
+ : process.env.Y_PROVIDER_API_KEY || 'yprovider-api-key';
 export const PORT = Number(process.env.PORT || 4444);
 export const SENTRY_DSN = process.env.SENTRY_DSN || '';
 export const COLLABORATION_BACKEND_BASE_URL =
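Review bot: Both new `readFileSync(..., 'utf-8')` calls in `env.ts` use the file content as-is, so a secret file that ends with a newline yields a key with a trailing `\n` that may not match the value the backend presents. Trim the read, `? readFileSync(process.env.Y_PROVIDER_API_KEY_FILE, 'utf-8').trim()`, and do the same for `COLLABORATION_SERVER_SECRET_FILE`. The literal fallbacks `'secret-api-key'` and `'yprovider-api-key'` are kept as well, so an instance started with neither variable set accepts a publicly known key; refusing to start outside development would be safer. The two expressions differ only in the variable name and could share one small helper.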