Read from credential files

See https://systemd.io/CREDENTIALS/. This will also work for Docker Secrets by setting `CREDENTIALS_DIRECTORY=/run/secrets`.
2025-12-24 12:57:56 +08:00 · 2024-11-10 15:42:40 -05:00
parent ad14a5ccba
commit 7640a42bfc
2 changed files with 11 additions and 3 deletions
--- a/pkg/shell/shell.go
+++ b/pkg/shell/shell.go
@@ -3,6 +3,7 @@ package shell
 import (
 	"os"
 	"os/signal"
+	"path/filepath"
 	"regexp"
 	"strings"
 	"syscall"
@@ -51,6 +52,13 @@ func ReplaceEnvVars(text string) string {
 			dok = true
 		}

+		if dir, vok := os.LookupEnv("CREDENTIALS_DIRECTORY"); vok {
+			value, err := os.ReadFile(filepath.Join(dir, key))
+			if err == nil {
+				return strings.TrimSpace(string(value))
+			}
+		}
+
 		if value, vok := os.LookupEnv(key); vok {
 			return value
 		}