allow overriding config file with environment variables
What feature would you like implemented?
As a generalisation of https://activitypub.software/TransFem-org/Sharkey/-/blob/develop/packages/backend/src/env.ts we should allow setting config values via the environment, at the very least passwords & api keys.
Why should we add this feature?
Currently you have to store secrets (passwords to postgresql & redis, for example) in the config file. This is generally considered a sub-optimal approach:
- people who handle config files with VCSs don't want to store cleartext secrets in their VCSs
- Docker likes passing configuration values via the environment
As a further improvements, we could allow reading secrets from different files, to support systemd
LoadCredentialEncrypted
This issue was raised in this thread https://woem.men/notes/9r0j2rnbtfo001g9 so thanks to @luna@woem.men and @rachel@transitory.social
Version
2024.3
Contribution Guidelines
By submitting this issue, you agree to follow our Contribution Guidelines
- I agree to follow this project's Contribution Guidelines
- I have searched the issue tracker for similar requests, and this is not a duplicate.