server: put s3 access key in a file · adam.robins.wtf/sower@fb1fea0

+41 -16

2 changed files

expand all

apps

sower

lib

sower

config.ex

dev-server-example.json

+33 -15

apps/sower/lib/sower/config.ex

··· 59 59 properties: %{ 60 60 endpoint: %Schema{type: :string, format: :uri}, 61 61 region: %Schema{type: :string}, 62 - access_key_id: %Schema{type: :string}, 63 - secret_access_key_file: %Schema{type: :string}, 62 + access_key_file: %Schema{type: :string}, 63 + secret_key_file: %Schema{type: :string}, 64 64 bucket: %Schema{type: :string} 65 65 }, 66 - required: [:endpoint, :region, :bucket, :access_key_id] 66 + required: [:endpoint, :region, :bucket, :access_key_file, :secret_key_file] 67 67 }, 68 68 listen_address: %Schema{ 69 69 anyOf: [ ··· 172 172 Kernel.exit(1) 173 173 end 174 174 175 + # s3 access key id 176 + json_config = 177 + with {:ok, s3} <- json_config |> Keyword.fetch(:s3), 178 + {:ok, access_key_file} <- s3 |> Keyword.fetch(:access_key_file), 179 + {:ok, access_key} <- read_credential(access_key_file) do 180 + json_config 181 + |> Keyword.put(:s3, s3 |> Keyword.put(:access_key, access_key)) 182 + else 183 + {:error, err} -> 184 + Logger.warning( 185 + msg: "Failed to load access_key from secret file", 186 + error: err 187 + ) 188 + 189 + Kernel.exit(1) 190 + 191 + :error -> 192 + Logger.debug("Configuration is missing `s3.access_key_file`.") 193 + json_config 194 + end 195 + 175 196 # s3 secret access key 176 197 json_config = 177 198 with {:ok, s3} <- json_config |> Keyword.fetch(:s3), 178 - {:ok, secret_access_key_file} <- s3 |> Keyword.fetch(:secret_access_key_file), 179 - {:ok, secret_access_key} <- read_credential(secret_access_key_file) do 199 + {:ok, secret_key_file} <- s3 |> Keyword.fetch(:secret_key_file), 200 + {:ok, secret_key} <- read_credential(secret_key_file) do 180 201 json_config 181 - |> Keyword.put(:s3, s3 |> Keyword.put(:secret_access_key, secret_access_key)) 202 + |> Keyword.put(:s3, s3 |> Keyword.put(:secret_key, secret_key)) 182 203 else 183 204 {:error, err} -> 184 205 Logger.warning( 185 - msg: "Failed to load secret_access_key from secret file", 206 + msg: "Failed to load secret_key from secret file", 186 207 error: err 187 208 ) 188 209 189 210 Kernel.exit(1) 190 211 191 212 :error -> 192 - Logger.debug("Configuration is missing `s3.secret_access_key_file`.") 213 + Logger.debug("Configuration is missing `s3.secret_key_file`.") 193 214 json_config 194 215 end 195 216 ··· 240 261 region: get_in(json_config, [:s3, :region]), 241 262 host: get_in(json_config, [:s3, :host]), 242 263 access_key_id: [ 243 - get_in(json_config, [:s3, :access_key_id]), 244 - # json_config |> Keyword.fetch!(:s3) |> Keyword 245 - {:system, "AWS_ACCESS_KEY_ID"}, 246 - {:system, "SOWER_AWS_ACCESS_KEY_ID"} 264 + get_in(json_config, [:s3, :access_key]), 265 + {:system, "SOWER_AWS_ACCESS_KEY"} 247 266 ], 248 267 secret_access_key: [ 249 - get_in(json_config, [:s3, :secret_access_key]), 250 - {:system, "AWS_SECRET_ACCESS_KEY"}, 251 - {:system, "SOWER_AWS_SECRET_ACCESS_KEY"} 268 + get_in(json_config, [:s3, :secret_key]), 269 + {:system, "SOWER_AWS_SECRET_KEY"} 252 270 ] 253 271 254 272 %URI{scheme: scheme, host: host, port: port} =

+8 -1

dev-server-example.json

··· 21 21 } 22 22 }, 23 23 "log_level": "debug", 24 - "secret_key_base_file": ".dev-secret-key-base" 24 + "secret_key_base_file": ".dev-secret-key-base", 25 + "s3": { 26 + "endpoint": "https://my.garage.server", 27 + "region": "garage", 28 + "access_key_file": ".dev-s3-key-id", 29 + "secret_key_file": ".dev-s3-secret-key", 30 + "bucket": "sower-dev" 31 + } 25 32 }

Configure Feed

Configure Feed