Question

Server secrets in config.xml using environment variables

  • 21 July 2022
  • 1 reply
  • 49 views

Hello,

 

We started setting up the service definer servers in containers.

We want to use a Key Vault to store the passwords, and the CICD pipeline will send the required passwords to the container as Linux environment variables.

Therefore, we want to replace some properties of the server config.xml with the value of the Linux environment variables when the container is started.

One option is to create a bash script to replace the properties with the environment variables before the server starts, but do you know an easier way to use those environment variables in the server configuration?

 

Many thanks,

Albert


1 reply

Userlevel 1

Hey Albert, 

I can think of two options. one is when you build the image and the other is at container startup.

In image

When you build your image, you can add a replace but then you'd have to build a new image when your password changes. That would look something like this:

RUN xml ed -L -u /Config/Server/Properties/Property[@name='MyCustomProperty'] -v "${env:ENVPWD}" config.xml

Beware I found the above in one of my dockerfiles that I altered a bit, so this one I’m not sure works. You'd have to try:)

In container

If you want to do it in container then you can make your service method take it out of the env variables by just storing the environment name as the value of the property and making a function that reads that name and uses the java method to get the corresponding value. Something like:

Bottom left you see the implementation of CustomREST test()  where I look in the config for the property MyConfigProperty. That has a value ENVPWD(bottom right). that environment variable is set before I start the server(top left) and when I request the CustomREST/test endpoint I get the value of the env variable(top right).

 

Im not sure if this is simpler than a bash script though

Reply