From 1ec8f2b033e8c16a1177087251620b59cb69e145 Mon Sep 17 00:00:00 2001
From: Andrew Marshall
Date: Sun, 10 Nov 2024 10:19:38 -0500
Subject: [PATCH] Read secrets dir from CREDENTIALS_DIRECTORY
This supports systemd credentials, see https://systemd.io/CREDENTIALS/. Default to `/run/secrets` (the Docker Secrets dir) for backwards compatibility.
---
 docs/docs/configuration/authentication.md | 2 +-
 frigate/config/env.py | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/docs/docs/configuration/authentication.md b/docs/docs/configuration/authentication.md
index bf878d6bd..0c9b8dcfc 100644
--- a/docs/docs/configuration/authentication.md
+++ b/docs/docs/configuration/authentication.md
@@ -80,7 +80,7 @@ python3 -c 'import secrets; print(secrets.token_hex(64))'
 Frigate looks for a JWT token secret in the following order:
 1. An environment variable named `FRIGATE_JWT_SECRET`
-2. A docker secret named `FRIGATE_JWT_SECRET` in `/run/secrets/`
+2. A file named `FRIGATE_JWT_SECRET` in the directory specified by the `CREDENTIALS_DIRECTORY` environment variable (defaults to Docker Secrets directory: `/run/secrets/`)
 3. A `jwt_secret` option from the Home Assistant Add-on options
 4. A `.jwt_secret` file in the config directory
diff --git a/frigate/config/env.py b/frigate/config/env.py
index 0a9b92e8f..6534ff411 100644
--- a/frigate/config/env.py
+++ b/frigate/config/env.py
@@ -5,12 +5,13 @@ from typing import Annotated
 from pydantic import AfterValidator, ValidationInfo
 FRIGATE_ENV_VARS = {k: v for k, v in os.environ.items() if k.startswith("FRIGATE_")}
-# read docker secret files as env vars too
-if os.path.isdir("/run/secrets") and os.access("/run/secrets", os.R_OK):
- for secret_file in os.listdir("/run/secrets"):
+secrets_dir = os.environ.get("CREDENTIALS_DIRECTORY", "/run/secrets")
+# read secret files as env vars too
+if os.path.isdir(secrets_dir) and os.access(secrets_dir, os.R_OK):
+ for secret_file in os.listdir(secrets_dir):
 if secret_file.startswith("FRIGATE_"):
 FRIGATE_ENV_VARS[secret_file] = (
- Path(os.path.join("/run/secrets", secret_file)).read_text().strip()
+ Path(os.path.join(secrets_dir, secret_file)).read_text().strip()
 )
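Review bot: `secrets_dir = os.environ.get("CREDENTIALS_DIRECTORY", "/run/secrets")` makes the lookup either/or: once the variable is set, `/run/secrets` is never read, and if it is set but empty or not a readable directory the `isdir`/`os.access` guard skips secret loading without any message. A deployment that has Docker secrets mounted and also inherits `CREDENTIALS_DIRECTORY` would then lose its `FRIGATE_*` secrets silently, and consumers would presumably fall back to whatever other source they have. I would treat empty as unset with `secrets_dir = os.environ.get("CREDENTIALS_DIRECTORY") or "/run/secrets"` and extend the comment to something like `# read FRIGATE_* files from a single secrets dir; a file overrides a same-named env var`, since the loop assigns into `FRIGATE_ENV_VARS` after it was filled from `os.environ`. This is module-level code and the file continues past the end of the hunk.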