dev: make database password a secret
This commit is contained in:
parent
36882aa3b7
commit
2eb686ef41
5 changed files with 19 additions and 4 deletions
1
srcs/.env
Normal file
1
srcs/.env
Normal file
|
@ -0,0 +1 @@
|
|||
DATABASE_PWD=SuperComplexDatabasePassword
|
|
@ -20,16 +20,24 @@ services:
|
|||
depends_on:
|
||||
mariadb:
|
||||
condition: service_healthy
|
||||
secrets:
|
||||
- database-pwd
|
||||
|
||||
mariadb:
|
||||
build: ./requirements/mariadb
|
||||
volumes:
|
||||
- db:/db:rw
|
||||
secrets:
|
||||
- database-pwd
|
||||
|
||||
volumes:
|
||||
www:
|
||||
db:
|
||||
|
||||
secrets:
|
||||
database-pwd:
|
||||
environment: "DATABASE_PWD"
|
||||
|
||||
### services ###
|
||||
# image:
|
||||
# build:
|
||||
|
|
|
@ -10,7 +10,6 @@ RUN mkdir -p /etc/my.cnf.d/
|
|||
COPY conf/mariadb-server.cnf /etc/my.cnf.d/mariadb-server.cnf
|
||||
COPY run.sh /run.sh
|
||||
|
||||
# TODO(secret)
|
||||
RUN addgroup -S www && adduser -S www www
|
||||
RUN mkdir /db
|
||||
RUN chmod -R 666 /db
|
||||
|
|
|
@ -15,11 +15,18 @@ then
|
|||
echo
|
||||
chmod -R 777 /db
|
||||
mariadb-install-db --user=www --datadir=/db
|
||||
# TODO(secret)
|
||||
echo "creating database..."
|
||||
DATABASE_PWD="$(cat /run/secrets/database-pwd)"
|
||||
if ! [[ "$DATABASE_PWD" =~ ^[a-zA-Z0-9_]+$ ]]
|
||||
then
|
||||
echo "the DB password must contain only letters, digits or '_'."
|
||||
echo
|
||||
exit 1
|
||||
fi
|
||||
echo '
|
||||
FLUSH PRIVILEGES;
|
||||
CREATE DATABASE wp;
|
||||
GRANT ALL PRIVILEGES ON wp.* TO wwsw IDENTIFIED BY "ultraPassword";
|
||||
GRANT ALL PRIVILEGES ON wp.* TO www IDENTIFIED BY "'$DATABASE_PWD'";
|
||||
FLUSH PRIVILEGES;
|
||||
' | mariadbd -u root --bootstrap
|
||||
echo
|
||||
|
|
|
@ -26,7 +26,7 @@ define( 'DB_NAME', 'wp' );
|
|||
define( 'DB_USER', 'www' );
|
||||
|
||||
/** Database password */
|
||||
define( 'DB_PASSWORD', 'ultraPassword' ); # TODO(secret)
|
||||
define( 'DB_PASSWORD', `cat /run/secrets/database-pwd` );
|
||||
|
||||
/** Database hostname */
|
||||
define( 'DB_HOST', 'mariadb:3306' );
|
||||
|
|
Loading…
Add table
Reference in a new issue