How do you manage secrets/credentials during runtime?

    saikarthik wrote (last edited by girish) #1

    I am building a custom Node.js app that makes API requests to a third party application. Where can I store secrets/credentials (API key) I would need during runtime? I do not want to store this in the docker container even in a private repo.

        mehdi (App Dev) wrote #2

        @saikarthik Just put it in a file in /app/data that the app reads at runtime

          girish (Staff) wrote #3

          Putting things in /app/data is the preferred approach. Another "hidden" approach is to use the "cloudron env" CLI tool. This sets environment variables in an app. For example, cloudron env set FOO=bar. Note that environment variables starting with CLOUDRON_ are reserved for Cloudron packaging.

            saikarthik wrote (last edited by saikarthik) #4

            The Dockerfile entrypoint script (start.sh) executes server.js where the Node.js server is initialized and starts "listening" to serve HTTP requests. Before it enters the listening state, I read the secret file from /app/data/secret.txt and set the variables used within this script. In this case, how and when exactly would the /app/data/secret.txt file be created?

            sample server.js:

            "use strict";
            const http = require("http");
            const fs = require("fs");

            // Filled in asynchronously once the secret file has been read.
            var API_KEY = "";
            fs.readFile("/app/data/secret.txt", { encoding: "utf8" }, function (err, data) {
              if (err) {
                console.log(err);
              } else {
                API_KEY = data;
                console.log("INFO::secret:" + API_KEY);
              }
            });

            // Sample handler: replies with the current value of API_KEY.
            var server = http.createServer(function (request, response) {
              response.writeHead(200, { "Content-Type": "text/plain" });
              response.end(API_KEY);
            });

            server.listen(3000);
            console.log("Server running at port 3000");
            
              mehdi (App Dev) wrote #5

              @saikarthik You can do a condition and display an error if the secret is not present. And after installing the app, you can create the secret file manually with the file manager

                saikarthik wrote (last edited by saikarthik) #6

                @mehdi said in How do you manage secrets/credentials during runtime?:

                @saikarthik You can do a condition and display an error if the secret is not present. And after installing the app, you can create the secret file manually with the file manager

                Is there any way to automate this?

                  mehdi (App Dev) wrote #7

                  @saikarthik What kind of automation are you looking for? I mean if the token in said file is secret, there's gotta be a point where you enter it manually, isn't there?

                    saikarthik wrote (last edited by saikarthik) #8

                    @mehdi I agree. But there are definitely ways like using Terraform Vault or AWS Secrets Manager, etc.
                    But I wanted to see how others are doing it and what the easiest way was in the cloudron environment/setup.

                    My devops day job really got me into deploying everything with one-click lol. So just curious, this is not a deal breaker.

                      marcusquinn wrote #9

                      @saikarthik Terraform Vault makes most sense. Wouldn't put anything of value on AWS.

                      Web Design https://www.evergreen.je
                      Development https://brandlight.org
                      Life https://marcusquinn.com

                        saikarthik wrote #10

                        @marcusquinn I haven't worked with Terraform Vault, but are you saying this because AWS Secrets Manager saves things as plain text?

                          saikarthik wrote #11

                          For anyone who stumbled upon this:
                          I ended up using environment variables instead of using the file in /app/data/ method, since it's easier to work with, especially in Node.js so you don't have to worry about the asynchronous/synchronous problem.

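
Added example, not code from any poster in this thread: a startup loader that takes the key from an environment variable (as set with `cloudron env set`) or from a file under /app/data, reads it synchronously so it is available before the server listens, and stops with an error when the secret is absent. The variable name API_KEY, the 0600 file-mode policy, the helper names and the sample key values are assumptions constructed for this example.

```javascript
"use strict";
const fs = require("fs");
const os = require("os");
const path = require("path");

// Resolve the key before listen(): environment first, then a file under /app/data.
// API_KEY and the 0600 mode policy are assumptions of this example.
function loadSecret({ env = process.env, file = "/app/data/secret.txt", name = "API_KEY" } = {}) {
  const fromEnv = (env[name] || "").trim();
  if (fromEnv) return { value: fromEnv, source: "env" };

  let stat;
  try {
    stat = fs.statSync(file);
  } catch (err) {
    throw new Error(`secret missing: set ${name} or create ${file} (${err.code})`);
  }
  // Refuse a secret file that group or other can access.
  if (stat.mode & 0o077) {
    throw new Error(`${file} has mode ${(stat.mode & 0o777).toString(8)}, expected 600`);
  }
  // Synchronous read: the value is set before the server accepts requests.
  const value = fs.readFileSync(file, "utf8").trim();
  if (!value) throw new Error(`${file} is empty`);
  return { value, source: "file" };
}

// Log-safe summary: source and length, never the value itself.
function describe(secret) {
  return `secret loaded from ${secret.source} (${secret.value.length} chars)`;
}

// Exercises each path against a temp directory with constructed values.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "secret-demo-"));
  const file = path.join(dir, "secret.txt");
  const out = {};
  try { loadSecret({ env: {}, file }); } catch (e) { out.missing = e.message; }
  fs.writeFileSync(file, "constructed-key-123\n");
  fs.chmodSync(file, 0o644);
  try { loadSecret({ env: {}, file }); } catch (e) { out.loose = e.message; }
  fs.chmodSync(file, 0o600);
  out.file = loadSecret({ env: {}, file });
  out.env = loadSecret({ env: { API_KEY: "constructed-env-key" }, file });
  fs.rmSync(dir, { recursive: true, force: true });
  return out;
}

console.log(describe(demo().file));
```

In a server.js like the one in post #4, calling `loadSecret()` at the top of the file and letting the thrown error end the process means the server never starts with an empty key.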
                            marcusquinn wrote #12

                            @saikarthik Nope, I just don't like Amazon's ethics.

                            • https://www.ethicalconsumer.org/company-profile/amazoncom-inc
