~xenrox/ntfy-alertmanager#23: 
Support reading values from files?

Status
RESOLVED CLOSED
Submitter
~xenrox
Assigned to
No-one
Submitted
26 days ago
Updated
22 days ago
Labels
codeberg-mirror enhancement

~xenrox 26 days ago

nogweii:

I'm not sure what the best approach is for this, perhaps prefixing a string with "file:" turns the rest into a path to read from? In particular, the ntfy access token and redis URI.

Intention: I want to deploy ntfy-alertmanager to my Kubernetes cluster, and it would be most idiomatic if I could mount a Secret and it's values into a subdirectory.

~xenrox 26 days ago

xenrox:

Checking strings for a file: prefix sounds a bit too unclean to me, because in theory it could be possible that a random generated secret/password starts with "file:".

I have a few other ideas that could work. From favourite to least favourite:

  • Rework config file parsing, so that every value can be read from an environment variable as well (e.g. NA_NTFY_ACCESS_TOKEN). See this issue for reference. Should be easy to integrate with k8s/helm.
  • Allow to include a second config file in the main config. This could then contain your secrets.
  • Offer the option to read settings from files with a new config option, e.g. access-token-file.

Would any of these solve your issue/make deployment easier?

~xenrox 22 days ago

nogweii:

I personally prefer option two or three, as that mitigates the risk of secrets being added to all processes spawned in the container. (Not that it is a particularly high risk when talking about Kubernetes, though.)

Any of those choices would 100% work for me.

~xenrox REPORTED CLOSED 22 days ago

Thorben Günther referenced this ticket in commit 6c2521e.

~xenrox 22 days ago

xenrox:

I have implemented the second solution. Can you take a look at the example configuration file if everything is clear and check if it works as expected?

Register here or Log in to comment, or comment via email.