Hi,

Context:

I'm trying to configure a Spring Boot application using Docker secrets. Since Spring Boot does not support _FILE environment vars out of the box, I figured out what should work out of the box.

Reading https://github.com/spring-projects/spring-framework/issues/21961 I got this: https://github.com/spring-projects/spring-boot/issues/19990

The configuration needs a property called keycloak.password. I set up a Docker secret called keycloak-password, which lives in /var/run/secrets/keycloak-password. As far as I know, Docker secrets are always in /var/run/secrets/; I could not use the wildcard feature of config tree here.

According to https://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/html/spring-boot-features.html#boot-features-external-config-files-configtree I configured my application env variables like this:

SPRING_CONFIG_IMPORT='configtree:var/run/secrets/'

but the keycloak.password property is still missing.

While KEYCLOAK_PASSWORD=admin works fine, using KEYCLOAK_PASSWORD=${keycloak-password} raises an error like:

***************************
APPLICATION FAILED TO START
***************************

Description:

Failed to bind properties under 'keycloak.password' to java.lang.String:

    Property: keycloak.password
    Value: ${keycloak-password}
    Origin: System Environment Property "KEYCLOAK_PASSWORD"
    Reason: Circular placeholder reference 'keycloak-password' in property definitions

Action:

Update your application's configuration

Actual Result

The property keycloak.password isn't configurable via Docker secrets. Re-assigning the var via environment variables results in a Circular placeholder reference.

Expected Result

Configtree should have the same relaxed binding support as I know from env variables.

Comment From: mbhave

Can you expand on why you need to set the environment variable as KEYCLOAK_PASSWORD=${keycloak-password}? If you need a property such as keycloak.password in the environment, the secret would be available at: var/run/secrets/keycloak/password.

Comment From: jkroepke

I have to check that. As far as I know, the path of secrets for Docker secrets is always /run/secrets/<name> (/var/run/secrets/<name> on older versions). Unlike on Kubernetes, the path is not configurable.

Comment From: jkroepke

I figured out that just naming the file keycloak.password instead of using subfolders will work, too.

Reading the docs, I would expect that defining properties with dots via configtree is only possible through subdirectories.

Comment From: wilkinsona

I wonder if we should update the documentation here? I'm not sure that, strictly speaking, what Docker writes out is a configtree so it may get a bit confusing.

Comment From: sreenathhari

In your application.properties file you need to add the property spring.config.import=configtree:var/run/secrets. Then, in the same path provided, you need to create the secret file with the file name as the key which you want to import, and the file content should be the value of the corresponding property. You can have multiple files in the same location; all will be imported as properties to your application on startup.

keycloak.password should be the file name you are creating, and the file should contain the secret password.

Comment From: jkroepke

@sreenathhari Thanks!

Everything already works fine and is documented here: https://github.com/adorsys/keycloak-config-cli#configure-properties-values-through-files

From the Spring docs, it's not known that /var/run/secrets.keycloak worked. By reading the docs I thought the file must be named /var/run/secrets/keycloak.
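
The naming outcome this thread arrives at, as an added example that is not from any participant and is not Spring Boot code: a small shell model that derives the property name from each file's path relative to the configtree root, reading "/" as ".". The function names, the temporary directory layout and the file contents are constructed for illustration.

```shell
#!/bin/sh
# Model of the mapping discussed in this thread: the property name is the
# file's path relative to the configtree root, with "/" read as ".".
# Not Spring Boot code; all directories and values below are constructed.

# Print the property name each file under the root would produce.
configtree_names() {
    root=${1%/}
    find "$root" -type f | sort | while IFS= read -r file; do
        rel=${file#"$root"/}
        printf '%s\n' "$rel" | tr '/' '.'
    done
}

# Succeed only if the root yields exactly the named property
# (fixed-string, whole-line match so "." is not treated as a wildcard).
has_property() {
    configtree_names "$1" | grep -Fxq -- "$2"
}

# Constructed layouts: one per way of naming the secret file.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/hyphen" "$demo_root/dotted" "$demo_root/nested/keycloak"
printf 'constructed-value' > "$demo_root/hyphen/keycloak-password"
printf 'constructed-value' > "$demo_root/dotted/keycloak.password"
printf 'constructed-value' > "$demo_root/nested/keycloak/password"

for layout in hyphen dotted nested; do
    if has_property "$demo_root/$layout" keycloak.password; then
        echo "$layout: keycloak.password is defined"
    else
        echo "$layout: keycloak.password is missing, found:" \
            "$(configtree_names "$demo_root/$layout")"
    fi
done
```

Only the file names are printed, never the contents, so the check can be run against a real secrets mount without writing secret values to a terminal or log.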