Add function to load secret/password from file for security (#25)

New feature: Load SMTP password from file to avoid using env variables.
dabde 2020-06-19 23:52:21 +02:00 committed by GitHub
parent 74ea38cd6e
commit af1f46641b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 12 additions and 2 deletions

@ -8,7 +8,7 @@
# Mandatory: Username to authenticate with.
#SMTP_USERNAME=
# Mandatory: Password of the SMTP user.
# Mandatory: Password of the SMTP user. (Not needed if SMTP_PASSWORD_FILE is used)
#SMTP_PASSWORD=
# Mandatory: Server hostname for the Postfix container. Emails will appear to come from the hostname's domain.
@ -19,3 +19,6 @@
# Optional: This will add a header for tracking messages upstream. Helpful for spam filters. Will appear as "RelayTag: ${SMTP_HEADER_TAG}" in the email headers.
#SMTP_NETWORKS=
# Optional: Set this to a mounted file containing the password, to avoid passwords in env variables.
#SMTP_PASSWORD_FILE=

@ -41,7 +41,7 @@ The following env variables need to be passed to the container:
* `SMTP_SERVER` Server address of the SMTP server to use.
* `SMTP_PORT` (Optional, Default value: 587) Port address of the SMTP server to use.
* `SMTP_USERNAME` Username to authenticate with.
* `SMTP_PASSWORD` Password of the SMTP user.
* `SMTP_PASSWORD` Password of the SMTP user. If `SMTP_PASSWORD_FILE` is set, not needed.
* `SERVER_HOSTNAME` Server hostname for the Postfix container. Emails will appear to come from the hostname's domain.
The following env variable(s) are optional.
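Review bot: the updated `SMTP_PASSWORD` bullet does not say which value wins when both `SMTP_PASSWORD` and `SMTP_PASSWORD_FILE` are set. In the run.sh change the file is read into `SMTP_PASSWORD` after the environment is already populated, so the file silently overrides the variable; state that precedence here. The bullet also still sits under "need to be passed to the container", so wording such as "Required unless `SMTP_PASSWORD_FILE` is set" would read more clearly than "If `SMTP_PASSWORD_FILE` is set, not needed."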
@ -50,6 +50,10 @@ The following env variable(s) are optional.
* `SMTP_NETWORKS` Setting this will allow you to add additional, comma seperated, subnets to use the relay. Used like
-e SMTP_NETWORKS='xxx.xxx.xxx.xxx/xx,xxx.xxx.xxx.xxx/xx'
* `SMTP_PASSWORD_FILE` Setting this to a mounted file containing the password, to avoid passwords in env variables. Used like
-e SMTP_PASSWORD_FILE=/secrets/smtp_password
-v $(pwd)/secrets/:/secrets/
To use this container from anywhere, the 25 port or the one specified by `SMTP_PORT` needs to be exposed to the docker host server:
docker run -d --name postfix -p "25:25" \
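Review bot: the `-v $(pwd)/secrets/:/secrets/` example mounts the secrets directory read-write although the container only ever reads the file; use `-v $(pwd)/secrets/:/secrets/:ro` in the documented command. The bullet should also note that only the first line of the file is used, since run.sh loads it with a single `read`, and the description "Setting this to a mounted file containing the password" is a sentence fragment; "Path to a mounted file containing the password" would match the other entries.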

run.sh

@ -13,6 +13,9 @@ function add_config_value() {
postconf -e "${key} = ${value}"
}
# Read password from file to avoid unsecure env variables
if [ -n "${SMTP_PASSWORD_FILE}" ]; then [ -f "${SMTP_PASSWORD_FILE}" ] && read SMTP_PASSWORD < ${SMTP_PASSWORD_FILE} || echo "SMTP_PASSWORD_FILE defined, but file not existing, skipping."; fi
[ -z "${SMTP_SERVER}" ] && echo "SMTP_SERVER is not set" && exit 1
[ -z "${SMTP_USERNAME}" ] && echo "SMTP_USERNAME is not set" && exit 1
[ -z "${SMTP_PASSWORD}" ] && echo "SMTP_PASSWORD is not set" && exit 1
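Review bot: on the `read SMTP_PASSWORD < ${SMTP_PASSWORD_FILE}` line, the `[ -f ... ] && read ... || echo ...` chain runs the `echo` whenever `read` returns non-zero, which it does for a file with no trailing newline, so a password that was loaded correctly is still reported as "file not existing, skipping." Replace the chain with an explicit `if [ -f "${SMTP_PASSWORD_FILE}" ]; then ... else ... fi`, quote the redirect target, and read with `IFS= read -r SMTP_PASSWORD < "${SMTP_PASSWORD_FILE}"` so backslashes and leading or trailing whitespace in the password are preserved, treating the read as failed only if the variable is still empty afterwards. When `SMTP_PASSWORD_FILE` is set but the file is missing, the script should `exit 1` with that specific message instead of continuing to the unrelated "SMTP_PASSWORD is not set" error.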