Add Docker Secrets Support

README.md

@@ -89,6 +89,12 @@ Available options/variables and their default values:
 
 See `config.js` for all options.
 
+#### Using Secrets for Docker
+
+You can set any options/variables via [docker secrets](https://docs.docker.com/compose/use-secrets/) by appending `_FILE` to the variable/option name, e.g. to set `EG_PASSWORD` as secret replace it with `EG_PASSWORD_FILE` and setup secret as described in a docker documentation. You can find example in `docker-compose.yml`.
+
+If you set same options as variables and as secret, secret value will override variable.
+
 #### How to set options
 You can add options directly in the command or put them in a file to load.
 

docker-compose.yml

@@ -1,15 +1,54 @@
 # start with `docker compose up`
+version: "3.7"
+
 services:
-  free-games-claimer:
+  free-games-claimer: # Service Example with localdata and variables
     container_name: fgc # is printed in front of every output line
     image: ghcr.io/vogler/free-games-claimer # otherwise image name will be free-games-claimer-free-games-claimer
-    build: .
     ports:
       # - "5900:5900" # VNC server
       - "6080:6080" # noVNC (browser-based VNC client)
     volumes:
       - fgc:/fgc/data
     # command: bash -c "node epic-games; node gog"
     environment:
-      # - [email protected]
-      # - NOTIFY='tgram://...'
+      - VNC_PASSWORD="vnc password"
+      - EMAIL="user name"
+      - PASSWORD="password"
+      - EG_OTPKEY="epic otp"
+
+####
+# OR
+####
+
+  free-games-claimer-secrets: # Service Example with Secrets support
+    container_name: fgc # is printed in front of every output line
+    image: ghcr.io/vogler/free-games-claimer # otherwise image name will be free-games-claimer-free-games-claimer
+    ports:
+      # - "5900:5900" # VNC server
+      - "6080:6080" # noVNC (browser-based VNC client)
+    volumes:
+      - fgc:/fgc/data
+    # command: bash -c "node epic-games; node gog"
+    environment:
+      - VNC_PASSWORD_FILE=/run/secrets/vnc_password
+      - EMAIL_FILE=/run/secrets/common_user
+      - PASSWORD_FILE=/run/secrets/common_password
+      - EG_OTPKEY_FILE=/run/secrets/epic_otp
+    secrets:
+      - user
+      - password
+      - epic_otp
+      - vnc_password
+
+# Secrets section is only needed if you are using docker secrets, not .env solution.
+# In this case use "free-games-claimer-secrets" from the services and "free-games-claimer" otherwise.
+secrets:
+  vnc_password:
+    file: .secrets/vnc_password
+  user:
+    file: .secrets/common_user
+  password:
+    file: .secrets/common_password
+  epic_otp:
+    file: .secrets/epic_otp

docker-entrypoint.sh

@@ -13,6 +13,34 @@ rm -f /fgc/data/browser/SingletonLock
 # ls -l /tmp/.X11-unix/
 rm -f /tmp/.X1-lock
 
+# Check and export secrets to variables if exist
+# Get list of VARIABLES with "_FILE" at the end
+SECRETS_LIST=$(env | grep "_FILE")
+if [ ! -z "$SECRETS_LIST" ]; then
+
+    echo "Secrets were found, will try to convert them into the Variables..."
+
+    # Will read one by one, remove "_FILE" from the end and get value from the file
+    # Known bug: if you set "=" in the variable value, it will be converted to the space
+    while read SECRETS; do
+        SECRET_VALUE=$(echo $SECRETS | awk -F'[=]' '{ $1=""; print $0 }')
+        # Remove unneeded space at the begging
+        SECRET_VALUE=${SECRET_VALUE:1}
+        SECRET_NAME=$(echo $SECRETS | awk -F'[=]' '{ print $1 }')
+        # Remove "_FILE" at the end of the Variable Name
+        SECRET_NAME=${SECRET_NAME::-5}
+
+        # If file with value readable, use it to fetch value and export variable
+        if [ -r "$SECRET_VALUE" ]; then
+            echo "Setting $SECRET_NAME with value from $SECRET_VALUE"
+            export "$SECRET_NAME"="$(cat "$SECRET_VALUE")"
+        else
+            echo "ERROR - $SECRETS is configured, but file not exist or not readable."
+        fi
+    done <<< $SECRETS_LIST
+
+fi
+
 # 6000+SERVERNUM is the TCP port Xvfb is listening on:
 # SERVERNUM=$(echo "$DISPLAY" | sed 's/:\([0-9][0-9]*\).*/\1/')