ref(secrets): read generated secrets from k8s for the setings file

helgi · helgi · commit 942ae690e3d2 · 2016-01-12T15:49:20.000-08:00
diff --git a/rootfs/bin/boot b/rootfs/bin/boot
@@ -50,8 +50,6 @@ function etcd_safe_mkdir {
 }
 
 etcd_set_default protocol "${DEIS_PROTOCOL:-http}"
-etcd_set_default secretKey "${DEIS_SECRET_KEY:-$(openssl rand -base64 64 | tr -d '\n')}"
-etcd_set_default builderKey "${DEIS_BUILDER_KEY:-$(openssl rand -base64 64 | tr -d '\n')}"
 etcd_set_default registrationMode "enabled"
 etcd_set_default webEnabled 0
 
diff --git a/rootfs/templates/confd_settings.py b/rootfs/templates/confd_settings.py
@@ -1,8 +1,11 @@
 import os
 
 # security keys and auth tokens
-SECRET_KEY = '{{ getv "/deis/controller/secretKey" }}'
-BUILDER_KEY = '{{ getv "/deis/controller/builderKey" }}'
+with open('/var/run/secrets/api/builder/auth/builder-key') as f:
+    BUILDER_KEY = f.read()
+
+with open('/var/run/secrets/api/django/secret-key') as f:
+    SECRET_KEY = f.read()
 
 # scheduler settings
 SCHEDULER_MODULE = 'scheduler'

Original file line number	Diff line number	Diff line change
`@@ -50,8 +50,6 @@ function etcd_safe_mkdir {`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`etcd_set_default protocol "${DEIS_PROTOCOL:-http}"`
`53`		`-etcd_set_default secretKey "${DEIS_SECRET_KEY:-$(openssl rand -base64 64 \| tr -d '\n')}"`
`54`		`-etcd_set_default builderKey "${DEIS_BUILDER_KEY:-$(openssl rand -base64 64 \| tr -d '\n')}"`
`55`	`53`	`etcd_set_default registrationMode "enabled"`
`56`	`54`	`etcd_set_default webEnabled 0`
`57`	`55`