add possibility to load secret from file, delete the secret file after loading

src/bunker.go

@@ -521,6 +521,10 @@ func masterkeyGet(masterKeyPtr *string) ([]byte, error) {
 		}
 		// Convert []byte to string
 		masterKeyStr = strings.TrimSpace(string(content))
+		// we will TRY to delete secret file when running inside container/kubernetes
+		if isContainer() == true {
+			os.Remove(os.Getenv("DATABUNKER_MASTERKEY_FILE"))
+		}
 	}
 	if len(masterKeyStr) == 0 {
 		return nil, errors.New("Master key environment variable/parameter is missing")
@@ -602,7 +606,11 @@ func main() {
 		log.Printf("Error: %s", masterKeyErr)
 		os.Exit(0)
 	}
-	store, _ := storage.OpenDB(dbPtr)
+	store, err := storage.OpenDB(dbPtr)
+	if err != nil {
+		log.Printf("Filed to open db: %s", err)
+                os.Exit(0)
+	}
 	hash := md5.Sum(masterKey)
 	db := &dbcon{store, masterKey, hash[:]}
 	e := mainEnv{db, cfg, make(chan struct{})}

src/storage/mysql-storage.go

@@ -5,6 +5,7 @@ package storage
 import (
 	"database/sql"
 	"fmt"
+	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
@@ -44,6 +45,13 @@ func (dbobj MySQLDB) getConnectionString(dbname *string) string {
 	if dbname != nil && len(*dbname) > 0 {
 		dbnameString = *dbname
 	}
+	if len(os.Getenv("MYSQL_USER_PASS_FILE")) > 0 {
+		content, err := ioutil.ReadFile(os.Getenv("MYSQL_USER_PASS_FILE"))
+		if err != nil {
+			return ""
+		}
+		pass = strings.TrimSpace(string(content))
+	}
 	//str0 := fmt.Sprintf("%s:****@tcp(%s:%s)/%s", user, host, port, dbnameString)
 	//fmt.Printf("myql connection string: %s\n", str0)
 	str := fmt.Sprintf("%s:%s@tcp(%s:%s)/%s", user, pass, host, port, dbnameString)
@@ -135,6 +143,9 @@ func (dbobj *MySQLDB) OpenDB(dbname *string) error {
 	}
 	tx.Commit()
 	fmt.Printf("tables: %s\n", allTables)
+	if isContainer() == true && len(os.Getenv("MYSQL_USER_PASS_FILE")) > 0 {
+		os.Remove(os.Getenv("MYSQL_USER_PASS_FILE"))
+	}
 	return nil
 }
 

src/storage/storage.go

@@ -141,3 +141,16 @@ func contains(slice []string, item string) bool {
 	_, ok := set[item]
 	return ok
 }
+
+func isContainer() bool {
+	//if _, err := os.Stat("/.dockerenv"); err == nil {
+	//	return true
+	//}
+	if len(os.Getenv("KUBERNETES_SERVICE_HOST")) > 0 {
+		return true
+	}
+	if _, err := os.Stat("/var/run/secrets/kubernetes.io"); err == nil {
+		return true
+	}
+	return false
+}

src/utils.go

@@ -12,6 +12,7 @@ import (
 	"mime"
 	"net/http"
 	"net/url"
+	"os"
 	"regexp"
 	"strconv"
 	"strings"
@@ -299,6 +300,19 @@ func isValidHex(hex1 string) bool {
 	return regexHex.MatchString(hex1)
 }
 
+func isContainer() bool {
+	//if _, err := os.Stat("/.dockerenv"); err == nil {
+	//	return true
+	//}
+	if len(os.Getenv("KUBERNETES_SERVICE_HOST")) > 0 {
+		return true
+	}
+	if _, err := os.Stat("/var/run/secrets/kubernetes.io"); err == nil {
+		return true
+	}
+	return false
+}
+
 // stringPatternMatch looks for basic human patterns like "*", "*abc*", etc...
 func stringPatternMatch(pattern string, value string) bool {
 	if len(pattern) == 0 {