From 0dd3dd23aa4a6c6b734f6fa285df8e4bcb056bd5 Mon Sep 17 00:00:00 2001 From: Blake Blackshear Date: Thu, 2 Nov 2023 10:35:30 +0000 Subject: [PATCH] add support for docker secrets (#8409) * add support for docker secrets * check for directory first --- docker/main/rootfs/usr/local/go2rtc/create_config.py | 9 +++++++++ docs/docs/configuration/index.md | 6 +++--- docs/docs/integrations/plus.md | 2 +- frigate/config.py | 8 ++++++++ frigate/plus.py | 5 +++++ 5 files changed, 26 insertions(+), 4 deletions(-) diff --git a/docker/main/rootfs/usr/local/go2rtc/create_config.py b/docker/main/rootfs/usr/local/go2rtc/create_config.py index 7d69dc415..a7ffaf2da 100644 --- a/docker/main/rootfs/usr/local/go2rtc/create_config.py +++ b/docker/main/rootfs/usr/local/go2rtc/create_config.py @@ -3,6 +3,7 @@ import json import os import sys +from pathlib import Path import yaml @@ -16,6 +17,14 @@ sys.path.remove("/opt/frigate") FRIGATE_ENV_VARS = {k: v for k, v in os.environ.items() if k.startswith("FRIGATE_")} +# read docker secret files as env vars too +if os.path.isdir("/run/secrets"): + for secret_file in os.listdir("/run/secrets"): + if secret_file.startswith("FRIGATE_"): + FRIGATE_ENV_VARS[secret_file] = Path( + os.path.join("/run/secrets", secret_file) + ).read_text() + config_file = os.environ.get("CONFIG_FILE", "/config/config.yml") # Check if we can use .yaml instead of .yml diff --git a/docs/docs/configuration/index.md b/docs/docs/configuration/index.md index efaa64382..dcba4e28f 100644 --- a/docs/docs/configuration/index.md +++ b/docs/docs/configuration/index.md @@ -75,11 +75,11 @@ mqtt: # NOTE: must be unique if you are running multiple instances client_id: frigate # Optional: user - # NOTE: MQTT user can be specified with an environment variables that must begin with 'FRIGATE_'. + # NOTE: MQTT user can be specified with an environment variables or docker secrets that must begin with 'FRIGATE_'. # e.g. user: '{FRIGATE_MQTT_USER}' user: mqtt_user # Optional: password - # NOTE: MQTT password can be specified with an environment variables that must begin with 'FRIGATE_'. + # NOTE: MQTT password can be specified with an environment variables or docker secrets that must begin with 'FRIGATE_'. # e.g. password: '{FRIGATE_MQTT_PASSWORD}' password: password # Optional: tls_ca_certs for enabling TLS using self-signed certs (default: None) @@ -491,7 +491,7 @@ cameras: # Required: A list of input streams for the camera. See documentation for more information. inputs: # Required: the path to the stream - # NOTE: path may include environment variables, which must begin with 'FRIGATE_' and be referenced in {} + # NOTE: path may include environment variables or docker secrets, which must begin with 'FRIGATE_' and be referenced in {} - path: rtsp://viewer:{FRIGATE_RTSP_PASSWORD}@10.0.10.10:554/cam/realmonitor?channel=1&subtype=2 # Required: list of roles for this stream. valid values are: audio,detect,record,rtmp # NOTICE: In addition to assigning the audio, record, and rtmp roles, diff --git a/docs/docs/integrations/plus.md b/docs/docs/integrations/plus.md index e7a6217ef..837623e67 100644 --- a/docs/docs/integrations/plus.md +++ b/docs/docs/integrations/plus.md @@ -19,7 +19,7 @@ Once logged in, you can generate an API key for Frigate in Settings. ### Set your API key -In Frigate, you can set the `PLUS_API_KEY` environment variable to enable the `SEND TO FRIGATE+` buttons on the events page. You can set it in your Docker Compose file or in your Docker run command. Home Assistant Addon users can set it under Settings > Addons > Frigate NVR > Configuration > Options (be sure to toggle the "Show unused optional configuration options" switch). +In Frigate, you can use an environment variable or a docker secret named `PLUS_API_KEY` to enable the `SEND TO FRIGATE+` buttons on the events page. Home Assistant Addon users can set it under Settings > Addons > Frigate NVR > Configuration > Options (be sure to toggle the "Show unused optional configuration options" switch). :::caution diff --git a/frigate/config.py b/frigate/config.py index 902a6b32b..82e518923 100644 --- a/frigate/config.py +++ b/frigate/config.py @@ -5,6 +5,7 @@ import json import logging import os from enum import Enum +from pathlib import Path from typing import Dict, List, Optional, Tuple, Union import matplotlib.pyplot as plt @@ -47,6 +48,13 @@ DEFAULT_TIME_FORMAT = "%m/%d/%Y %H:%M:%S" # DEFAULT_TIME_FORMAT = "%d.%m.%Y %H:%M:%S" FRIGATE_ENV_VARS = {k: v for k, v in os.environ.items() if k.startswith("FRIGATE_")} +# read docker secret files as env vars too +if os.path.isdir("/run/secrets"): + for secret_file in os.listdir("/run/secrets"): + if secret_file.startswith("FRIGATE_"): + FRIGATE_ENV_VARS[secret_file] = Path( + os.path.join("/run/secrets", secret_file) + ).read_text() DEFAULT_TRACKED_OBJECTS = ["person"] DEFAULT_LISTEN_AUDIO = ["bark", "fire_alarm", "scream", "speech", "yell"] diff --git a/frigate/plus.py b/frigate/plus.py index 032b4a6bd..88e025596 100644 --- a/frigate/plus.py +++ b/frigate/plus.py @@ -3,6 +3,7 @@ import json import logging import os import re +from pathlib import Path from typing import Any, List import cv2 @@ -36,6 +37,10 @@ class PlusApi: self.key = None if PLUS_ENV_VAR in os.environ: self.key = os.environ.get(PLUS_ENV_VAR) + elif os.path.isdir("/run/secrets") and PLUS_ENV_VAR in os.listdir( + "/run/secrets" + ): + self.key = Path(os.path.join("/run/secrets", PLUS_ENV_VAR)).read_text() # check for the addon options file elif os.path.isfile("/data/options.json"): with open("/data/options.json") as f: