egullickson/motovaultpro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1799f2fee1553253ae6a5806e892d42fdd342c99
motovaultpro/scripts/inject-secrets.sh
Eric Gullickson 4897f0a52c feat: delete users - not tested
2025-12-22 18:20:25 -06:00

125 lines
4.2 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# inject-secrets.sh
# Writes GitLab CI File type variables to the secrets directory
# for K8s-style secret mounting in Docker Compose
#
# GitLab File variables provide the PATH to a temporary file containing the secret.
# This script copies those files to the expected secrets/app/ location.
#
# IMPORTANT: In GitLab, variables MUST be set as "File" type, not "Variable" type.
# File type variables provide a PATH to a temp file containing the secret.
# Variable type provides the raw value, which will NOT work with this script.
#
# Required GitLab CI/CD Variables (File type):
# - POSTGRES_PASSWORD
# - AUTH0_CLIENT_SECRET
# - AUTH0_MANAGEMENT_CLIENT_ID (Auth0 Management API client ID for user signup)
# - AUTH0_MANAGEMENT_CLIENT_SECRET (Auth0 Management API client secret)
# - GOOGLE_MAPS_API_KEY
# - GOOGLE_MAPS_MAP_ID
# - CF_DNS_API_TOKEN (Cloudflare DNS API token for Let's Encrypt certificates)
# - RESEND_API_KEY (Resend API key for email notifications)
#
# Required GitLab CI/CD Variables (Variable type):
# - DEPLOY_PATH
set -euo pipefail
# Configuration
DEPLOY_PATH="${DEPLOY_PATH:-/opt/motovaultpro}"
SECRETS_DIR="${DEPLOY_PATH}/secrets/app"
# List of all secret files (must match docker-compose volume mounts)
SECRET_FILES=(
"postgres-password.txt"
"auth0-client-secret.txt"
"auth0-management-client-id.txt"
"auth0-management-client-secret.txt"
"google-maps-api-key.txt"
"google-maps-map-id.txt"
"cloudflare-dns-token.txt"
"resend-api-key.txt"
)
echo "Injecting secrets..."
echo " Deploy path: $DEPLOY_PATH"
echo " Secrets dir: $SECRETS_DIR"
# Step 1: Clean up any incorrectly created directories
# Docker creates directories when bind-mounting files that don't exist
echo ""
echo "Cleaning up any corrupted secret paths..."
for file in "${SECRET_FILES[@]}"; do
target_path="${SECRETS_DIR}/${file}"
if [ -d "$target_path" ]; then
echo " Removing directory: $file"
rm -rf "$target_path"
fi
done
# Step 2: Ensure secrets directory exists
if [ -e "$SECRETS_DIR" ] && [ ! -d "$SECRETS_DIR" ]; then
echo " Removing invalid secrets path..."
rm -rf "$SECRETS_DIR"
fi
mkdir -p "$SECRETS_DIR"
chmod 700 "$SECRETS_DIR"
# Function to inject a secret
inject_secret() {
local var_name="$1"
local file_name="$2"
local target_path="${SECRETS_DIR}/${file_name}"
# GitLab File variables contain the PATH to a temp file
local source_path="${!var_name:-}"
if [ -z "$source_path" ]; then
echo " ERROR: Variable $var_name is not set"
echo " Ensure it exists in GitLab CI/CD Variables"
return 1
fi
# Check if it looks like a raw value instead of a file path
if [[ ! "$source_path" =~ ^/ ]]; then
echo " ERROR: $var_name appears to be a raw value, not a file path"
echo " In GitLab, change the variable Type from 'Variable' to 'File'"
return 1
fi
if [ ! -f "$source_path" ]; then
echo " ERROR: File not found for $var_name at $source_path"
echo " Ensure the variable is set as 'File' type in GitLab"
return 1
fi
# Copy the secret file (644 so container users can read)
cp "$source_path" "$target_path"
chmod 644 "$target_path"
echo " OK: $file_name"
}
# Inject all secrets
FAILED=0
inject_secret "POSTGRES_PASSWORD" "postgres-password.txt" || FAILED=1
inject_secret "AUTH0_CLIENT_SECRET" "auth0-client-secret.txt" || FAILED=1
inject_secret "AUTH0_MANAGEMENT_CLIENT_ID" "auth0-management-client-id.txt" || FAILED=1
inject_secret "AUTH0_MANAGEMENT_CLIENT_SECRET" "auth0-management-client-secret.txt" || FAILED=1
inject_secret "GOOGLE_MAPS_API_KEY" "google-maps-api-key.txt" || FAILED=1
inject_secret "GOOGLE_MAPS_MAP_ID" "google-maps-map-id.txt" || FAILED=1
inject_secret "CF_DNS_API_TOKEN" "cloudflare-dns-token.txt" || FAILED=1
inject_secret "RESEND_API_KEY" "resend-api-key.txt" || FAILED=1
if [ $FAILED -eq 1 ]; then
echo ""
echo "ERROR: One or more secrets failed to inject"
echo "Ensure all required CI/CD variables are configured as File type in GitLab"
exit 1
fi
echo ""
echo "Secrets injected successfully"
echo "Files created in $SECRETS_DIR:"
ls -la "$SECRETS_DIR"
Reference in New Issue View Git Blame Copy Permalink