mirror of
https://github.com/blakeblackshear/frigate.git
synced 2025-08-13 13:47:36 +02:00
Read secrets dir from CREDENTIALS_DIRECTORY
This supports systemd credentials, see https://systemd.io/CREDENTIALS/. Default to `/run/secrets` (the Docker Secrets dir) for backwards compatibility.
This commit is contained in:
parent
4f4c8a4fb9
commit
1ec8f2b033
@ -80,7 +80,7 @@ python3 -c 'import secrets; print(secrets.token_hex(64))'
|
||||
Frigate looks for a JWT token secret in the following order:
|
||||
|
||||
1. An environment variable named `FRIGATE_JWT_SECRET`
|
||||
2. A docker secret named `FRIGATE_JWT_SECRET` in `/run/secrets/`
|
||||
2. A file named `FRIGATE_JWT_SECRET` in the directory specified by the `CREDENTIALS_DIRECTORY` environment variable (defaults to Docker Secrets directory: `/run/secrets/`)
|
||||
3. A `jwt_secret` option from the Home Assistant Add-on options
|
||||
4. A `.jwt_secret` file in the config directory
|
||||
|
||||
|
@ -5,12 +5,13 @@ from typing import Annotated
|
||||
from pydantic import AfterValidator, ValidationInfo
|
||||
|
||||
FRIGATE_ENV_VARS = {k: v for k, v in os.environ.items() if k.startswith("FRIGATE_")}
|
||||
# read docker secret files as env vars too
|
||||
if os.path.isdir("/run/secrets") and os.access("/run/secrets", os.R_OK):
|
||||
for secret_file in os.listdir("/run/secrets"):
|
||||
secrets_dir = os.environ.get("CREDENTIALS_DIRECTORY", "/run/secrets")
|
||||
# read secret files as env vars too
|
||||
if os.path.isdir(secrets_dir) and os.access(secrets_dir, os.R_OK):
|
||||
for secret_file in os.listdir(secrets_dir):
|
||||
if secret_file.startswith("FRIGATE_"):
|
||||
FRIGATE_ENV_VARS[secret_file] = (
|
||||
Path(os.path.join("/run/secrets", secret_file)).read_text().strip()
|
||||
Path(os.path.join(secrets_dir, secret_file)).read_text().strip()
|
||||
)
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user