Add function to load secret/password from file for security (#25)
New feature: Load SMTP password from file to avoid using env variables.
parent
1e0e3be0b6
commit
39ac3ab672
3 changed files with 12 additions and 2 deletions
|
@ -8,7 +8,7 @@
|
||||||
# Mandatory: Username to authenticate with.
|
# Mandatory: Username to authenticate with.
|
||||||
#SMTP_USERNAME=
|
#SMTP_USERNAME=
|
||||||
|
|
||||||
# Mandatory: Password of the SMTP user.
|
# Mandatory: Password of the SMTP user. (Not needed if SMTP_PASSWORD_FILE is used)
|
||||||
#SMTP_PASSWORD=
|
#SMTP_PASSWORD=
|
||||||
|
|
||||||
# Mandatory: Server hostname for the Postfix container. Emails will appear to come from the hostname's domain.
|
# Mandatory: Server hostname for the Postfix container. Emails will appear to come from the hostname's domain.
|
||||||
|
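Review bot: The changed comment still opens with "Mandatory:" and then says the value is not needed, which reads as a contradiction in a sample env file. Suggest wording it as "Mandatory unless SMTP_PASSWORD_FILE is set: Password of the SMTP user." so the condition is part of the label.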
@ -19,3 +19,6 @@
|
||||||
|
|
||||||
# Optional: This will add a header for tracking messages upstream. Helpful for spam filters. Will appear as "RelayTag: ${SMTP_HEADER_TAG}" in the email headers.
|
# Optional: This will add a header for tracking messages upstream. Helpful for spam filters. Will appear as "RelayTag: ${SMTP_HEADER_TAG}" in the email headers.
|
||||||
#SMTP_NETWORKS=
|
#SMTP_NETWORKS=
|
||||||
|
|
||||||
|
# Optional: Set this to a mounted file containing the password, to avoid passwords in env variables.
|
||||||
|
#SMTP_PASSWORD_FILE=
|
|
@ -41,7 +41,7 @@ The following env variables need to be passed to the container:
|
||||||
* `SMTP_SERVER` Server address of the SMTP server to use.
|
* `SMTP_SERVER` Server address of the SMTP server to use.
|
||||||
* `SMTP_PORT` (Optional, Default value: 587) Port address of the SMTP server to use.
|
* `SMTP_PORT` (Optional, Default value: 587) Port address of the SMTP server to use.
|
||||||
* `SMTP_USERNAME` Username to authenticate with.
|
* `SMTP_USERNAME` Username to authenticate with.
|
||||||
* `SMTP_PASSWORD` Password of the SMTP user.
|
* `SMTP_PASSWORD` Password of the SMTP user. If `SMTP_PASSWORD_FILE` is set, not needed.
|
||||||
* `SERVER_HOSTNAME` Server hostname for the Postfix container. Emails will appear to come from the hostname's domain.
|
* `SERVER_HOSTNAME` Server hostname for the Postfix container. Emails will appear to come from the hostname's domain.
|
||||||
|
|
||||||
The following env variable(s) are optional.
|
The following env variable(s) are optional.
|
||||||
|
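Review bot: The changed `SMTP_PASSWORD` bullet does not say which value wins when both variables are set. In the run.sh change, a readable `SMTP_PASSWORD_FILE` overwrites `SMTP_PASSWORD`, and a missing file falls back to the env value after printing a message. Suggest documenting both behaviours here, for example "If `SMTP_PASSWORD_FILE` is set and readable, its content replaces `SMTP_PASSWORD`."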
@ -50,6 +50,10 @@ The following env variable(s) are optional.
|
||||||
* `SMTP_NETWORKS` Setting this will allow you to add additional, comma seperated, subnets to use the relay. Used like
|
* `SMTP_NETWORKS` Setting this will allow you to add additional, comma seperated, subnets to use the relay. Used like
|
||||||
-e SMTP_NETWORKS='xxx.xxx.xxx.xxx/xx,xxx.xxx.xxx.xxx/xx'
|
-e SMTP_NETWORKS='xxx.xxx.xxx.xxx/xx,xxx.xxx.xxx.xxx/xx'
|
||||||
|
|
||||||
|
* `SMTP_PASSWORD_FILE` Setting this to a mounted file containing the password, to avoid passwords in env variables. Used like
|
||||||
|
-e SMTP_PASSWORD_FILE=/secrets/smtp_password
|
||||||
|
-v $(pwd)/secrets/:/secrets/
|
||||||
|
|
||||||
To use this container from anywhere, the 25 port or the one specified by `SMTP_PORT` needs to be exposed to the docker host server:
|
To use this container from anywhere, the 25 port or the one specified by `SMTP_PORT` needs to be exposed to the docker host server:
|
||||||
|
|
||||||
docker run -d --name postfix -p "25:25" \
|
docker run -d --name postfix -p "25:25" \
|
||||||
|
|
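Review bot: The example mount `-v $(pwd)/secrets/:/secrets/` is read-write, so the container can modify or delete the secret on the host. Suggest `-v "$(pwd)/secrets/:/secrets/:ro"`, which also quotes the path so a working directory containing spaces does not split the argument. It would also help to mention that the file should be readable only by the user who runs the container, and that only the first line of the file is used, since run.sh reads it with a single `read`.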
3
run.sh
3
run.sh
|
@ -13,6 +13,9 @@ function add_config_value() {
|
||||||
postconf -e "${key} = ${value}"
|
postconf -e "${key} = ${value}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Read password from file to avoid unsecure env variables
|
||||||
|
if [ -n "${SMTP_PASSWORD_FILE}" ]; then [ -f "${SMTP_PASSWORD_FILE}" ] && read SMTP_PASSWORD < ${SMTP_PASSWORD_FILE} || echo "SMTP_PASSWORD_FILE defined, but file not existing, skipping."; fi
|
||||||
|
|
||||||
[ -z "${SMTP_SERVER}" ] && echo "SMTP_SERVER is not set" && exit 1
|
[ -z "${SMTP_SERVER}" ] && echo "SMTP_SERVER is not set" && exit 1
|
||||||
[ -z "${SMTP_USERNAME}" ] && echo "SMTP_USERNAME is not set" && exit 1
|
[ -z "${SMTP_USERNAME}" ] && echo "SMTP_USERNAME is not set" && exit 1
|
||||||
[ -z "${SMTP_PASSWORD}" ] && echo "SMTP_PASSWORD is not set" && exit 1
|
[ -z "${SMTP_PASSWORD}" ] && echo "SMTP_PASSWORD is not set" && exit 1
|
||||||
|
|
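Review bot: The added one-liner uses the `[ -f ... ] && read ... || echo ...` pattern, so the "file not existing" message is also printed whenever `read` itself returns non-zero, which happens for an empty file and for a file without a trailing newline (in the latter case the password is set and the message is misleading). Suggest an explicit `if [ -f "${SMTP_PASSWORD_FILE}" ]; then ... else ... fi`, with `IFS= read -r SMTP_PASSWORD < "${SMTP_PASSWORD_FILE}"` inside it: `-r` keeps backslashes in the password intact, `IFS=` keeps leading and trailing whitespace, and quoting the path lets it contain spaces. Also consider `exit 1` when the variable is set but the file is missing, instead of skipping; as written, the script silently falls back to any `SMTP_PASSWORD` from the environment, which is the case this feature is meant to avoid. Minor: "unsecure" in the comment should be "insecure".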