Docker secrets: mention in documentation and CHANGELOG.md

processone · Feb 18, 2024 · c89189a · c89189a
1 parent d64519e
commit c89189a
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,8 @@ project adheres to [Semantic Versioning][SemVer].
 - Docker: Offer a container `VARIANT` which includes the `acme.sh` cert creation
   script. The variant has a tag suffix `-acme` or just `acme` as `latest`
   synonym and can be configured with environment variables.
+- Docker: Add Docker secrets support. Any environment variable with a `__FILE`
+  suffix is treated as a Docker secret. (#64)
 
 ### Changed
 - Binary release: Update Erlang/OTP from 26.0.2 to 26.2.2.
@@ -72,7 +74,7 @@ project adheres to [Semantic Versioning][SemVer].
 - Include the `ssl` library with non-distro builds, as it's required for
   enabling TLS for the `mod_stats_prometheus` endpoint.
 - Docker: Include libcap libraries into the image to enable binding to
-  privileged ports (<1024) directly.  
+  privileged ports (<1024) directly.
   Hint: Depending on the container runtime in use, if the `docker run` option
   `--cap-drop=ALL` is used, `CAP_NET_BIND_SERVICE` may be included again to make
   the container work (see examples).

diff --git a/doc/CONTAINER-ACME.md b/doc/CONTAINER-ACME.md
@@ -23,17 +23,6 @@ or by simply mounting an `eturnal.yml` configuration file (recommended).
 All [usage and configuration aspects](https://github.com/processone/eturnal/tree/master/doc/CONTAINER.md)
 from the standalone variant apply to this version.
 
-**Note:** All variables can be defined as secrets with a `__FILE` suffix:
-
-```shell
-printf "secret" | podman secret create cf_token -
-podman run \
-    ... \
-    --secret cf_token \
-    -e CF_Token__FILE='/run/secrets/cf_token' \
-  ghcr.io/processone/eturnal:acme
-```
-
 ### ACME options
 
 | Name  | Description  |  Default value | Additional notes  |

diff --git a/doc/CONTAINER.md b/doc/CONTAINER.md
@@ -158,6 +158,17 @@ set to `stdout` in `eturnal.yml`.
   Hint: Newer [Docker](https://github.com/moby/moby/pull/41030) versions set
   this option during install already.
 
+**Note:** All variables can be defined as secrets with a `__FILE` suffix:
+
+```shell
+printf "secret" | podman secret create eturnal_secret -
+podman run \
+    ... \
+    --secret eturnal_secret \
+    -e ETURNAL_SECRET__FILE='/run/secrets/eturnal_secret' \
+  ghcr.io/processone/eturnal:latest
+```
+
 ### Custom TLS certificates and dh-parameter file
 
 To use eturnal's TLS listener with cutsom TLS certificates/dh-parameter files