add aws secret handling (#161)

* add aws secret handling * make it look go-ish * fix tests * whitespace * sleep a bit
2025-12-07 17:58:03 +01:00 · 2022-10-12 19:14:57 +02:00
parent 00c83dfac7
commit b5cc1262e2
6 changed files with 202 additions and 2 deletions
--- a/cmd/backup/config.go
+++ b/cmd/backup/config.go
@@ -4,6 +4,7 @@
 package main

 import (
+	"os"
 	"fmt"
 	"regexp"
 	"time"
@@ -19,7 +20,9 @@ type Config struct {
 	AwsEndpointInsecure        bool          `split_words:"true"`
 	AwsStorageClass            string        `split_words:"true"`
 	AwsAccessKeyID             string        `envconfig:"AWS_ACCESS_KEY_ID"`
+	AwsAccessKeyIDFile         string        `envconfig:"AWS_ACCESS_KEY_ID_FILE"`
 	AwsSecretAccessKey         string        `split_words:"true"`
+	AwsSecretAccessKeyFile     string        `split_words:"true"`
 	AwsIamRoleEndpoint         string        `split_words:"true"`
 	BackupSources              string        `split_words:"true" default:"/backup"`
 	BackupFilename             string        `split_words:"true" default:"backup-%Y-%m-%dT%H-%M-%S.tar.gz"`
@@ -58,6 +61,17 @@ type Config struct {
 	LockTimeout                time.Duration `split_words:"true" default:"60m"`
 }

+func (c *Config) resolveSecret(envVar string, secretPath string) (string, error) {
+	if secretPath != "" {
+		data, err := os.ReadFile(secretPath)
+		if err != nil {
+			return "", fmt.Errorf("resolveSecret: error reading secret path: %w", err)
+		}
+		return string(data), nil
+	}
+	return envVar, nil
+}
+
 type RegexpDecoder struct {
 	Re *regexp.Regexp
 }