Manifest Environment Variable
-
@paul-toone sounds a lot like you want to protect a software key or something of the sort.
I am unsure if this is possible.
-
@brutalbirdie Close, it's the app's salt password.
-
@paul-toone and the salt password is unique for every instance you deploy with your custom app, right?
-
@brutalbirdie I'm moving an app that is already in production, so my salt doesn't change; but I don't want it out in public. For every new install, yes, the salt is unique.
-
@paul-toone What you should do in this case is use the localstorage addon, then store the secret in question in /app/data in a file. If it's a salt, you can also generate it on the first run if the file in question does not exist.
Example from the start.sh of one of my apps:

    # Generate the session secret on first run only
    if [ ! -f /app/data/session.secret ]; then
        dd if=/dev/urandom bs=256 count=1 | base64 > /app/data/session.secret
    fi
-
@mehdi I was hoping it could be done on deployment. Currently, I just have to go in from the host, edit the salt in the local storage add-on I'm using.
But, I know Cloudron is mostly for new apps, not migrating existing apps over, so I figured it would not be possible in the manifest file.
-
@paul-toone The start.sh "pattern" is like this - https://git.cloudron.io/cloudron/rocketchat-app/-/blob/master/Dockerfile#L34 . It's set as the CMD in Dockerfile. So when the app deploys, it runs as the first thing and the code that @mehdi posted would then generate the secret and save it in the app store. So, it's automated as part of the deployment.
-
@girish Right, but this is a container that is a migration with an existing salt. It's alright, I can just manually put the salt in as I have to restore the pgsql each time I deploy to test anyway. I appreciate the response though.
-
@paul-toone Don't know if this helps your automated install but there is a CLI command
    cloudron push <file> /app/data/session.secret
that can help you copy a file into the app's local storage. You can also use
    cloudron exec -- bash -c "echo 'mysecret' > /app/data/session.secret"
-
@girish Thank you for those commands. I think I'll just use the cloudron push after I run cloudron install on my image server.
Also, not sure if there is a specific way to go about this but I could strip this down a bit to have a base install for the app if it's of use to the Cloudron community. I'm sure it would have to be polished by the devs but it is an install for Timetrex CE which is a timeclock software that our company uses.
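
Added example, not part of the thread: a start.sh helper covering both cases discussed above, generating the secret on first run and leaving a salt that is already present in /app/data (the migration case) untouched. The function name ensure_secret is hypothetical; unlike the posted snippet it also restricts the file mode, writes atomically, and regenerates an empty file left by an interrupted first run.

```shell
#!/bin/bash
# Added example (not from the thread). ensure_secret is a hypothetical
# helper name; the /app/data/session.secret path follows the thread.

ensure_secret() {
    # Migration case: a non-empty secret that is already in place
    # (e.g. copied in with `cloudron push`) is never overwritten.
    if [ -s "$1" ]; then
        chmod 600 "$1"
        return 0
    fi

    # Fresh install, or an empty file left behind by a failed first run.
    # The subshell keeps the umask change local to this function.
    (
        umask 077
        tmp=$(mktemp "$1.XXXXXX") || exit 1
        # 256 random bytes, base64-encoded onto a single line
        # (base64 wraps its output at 76 columns by default).
        if dd if=/dev/urandom bs=256 count=1 2>/dev/null \
                | base64 | tr -d '\n' > "$tmp" && [ -s "$tmp" ]; then
            # rename is atomic, so the app never reads a half-written secret
            mv -f "$tmp" "$1"
        else
            rm -f "$tmp"
            exit 1
        fi
    )
}

# In start.sh, before launching the app:
#   ensure_secret /app/data/session.secret || exit 1
```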