Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Solved Manifest Environment Variable

    Support
    4
    11
    578
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      paul.toone last edited by

      I was looking on the form to see if there was a way to add a custom environment variable via the manifest file. I have a container for a custom app that has one component that needs to be kept private. I am posting the image publicly on docker hub and would generally put this variable in via the Dockerfile but since it's public, I'd like to keep this one component secret.

      So, is there a way to set a custom environment variable from the manifest file?

      BrutalBirdie mehdi 2 Replies Last reply Reply Quote 0
      • BrutalBirdie
        BrutalBirdie Staff @paul.toone last edited by

        @paul-toone sound a lot like you want to protect a software key or sort of.
        I am unsure if this is possible.

        Like my work? Consider donating a beer 🍻 Cheers!

        P 1 Reply Last reply Reply Quote 0
        • P
          paul.toone @BrutalBirdie last edited by

          @brutalbirdie Close, it's the apps salt password.

          BrutalBirdie 1 Reply Last reply Reply Quote 0
          • BrutalBirdie
            BrutalBirdie Staff @paul.toone last edited by

            @paul-toone and the salt password is unique for every instance you deploy with your custom app, right?

            Like my work? Consider donating a beer 🍻 Cheers!

            P 1 Reply Last reply Reply Quote 0
            • P
              paul.toone @BrutalBirdie last edited by

              @brutalbirdie I'm moving an app that is already in production, so my salt doesn't change; but I don't want it out in public. For every new install, yes, the salt is unique.

              1 Reply Last reply Reply Quote 0
              • mehdi
                mehdi App Dev @paul.toone last edited by

                @paul-toone What you should do in this case is use the localstorage addon, then store the secret in question in /app/data in a file. If it's a salt, you can also generate it on the first run if the file in question does not exist.

                Example from the start.sh of one of my apps:

                if [ ! -f /app/data/session.secret ]; then
                  dd if=/dev/urandom bs=256 count=1 | base64 > /app/data/session.secret
                fi
                
                P 1 Reply Last reply Reply Quote 2
                • P
                  paul.toone @mehdi last edited by

                  @mehdi I was hoping it could be done on deployment. Currently, I just have to go in from the host, edit the salt in the local storage add-on I'm using.

                  But, I know Cloudron is mostly for new apps, not migrating existing apps over, so I figured it would not be possible in the manifest file.

                  girish 1 Reply Last reply Reply Quote 0
                  • girish
                    girish Staff @paul.toone last edited by

                    @paul-toone The start.sh "pattern" is like this - https://git.cloudron.io/cloudron/rocketchat-app/-/blob/master/Dockerfile#L34 . It's set as the CMD in Dockerfile. So when the app deploys, it runs as the first thing and the code that @mehdi posted would then generate the secret and save it in the app store. So, it's automated as part of the deployment.

                    P 1 Reply Last reply Reply Quote 0
                    • P
                      paul.toone @girish last edited by

                      @girish Right, but this is a container that is a migration with an existing salt. It's alright, I can just manually put the salt in as I have to restore the pgsql each time I deploy to test anyway. I appreciate the response though.

                      girish 1 Reply Last reply Reply Quote 0
                      • girish
                        girish Staff @paul.toone last edited by

                        @paul-toone Don't know if this helps your automated install but there is a CLI command cloudron push <file> /app/data/session.secret that can help you copy a file into the app's local storage. You can also use cloudron exec -- bash -c "echo 'mysecret' > /app/data/session.secret"

                        P 1 Reply Last reply Reply Quote 0
                        • P
                          paul.toone @girish last edited by

                          @girish Thank you for those commands. I think I'll just use the cloudron push after I run cloudron install on my image server.

                          Also, not sure if there is a specific way to go about this but I could strip this down a bit to have a base install for the app if it's of use to the Cloudron community. I'm sure it would have to be polished by the devs but it is an install for Timetrex CE which is a timeclock software that our company uses.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Powered by NodeBB