[sso-avatars] Also use env var for minio container
From minio's documentation:
- MINIO_ACCESS_KEY and MINIO_SECRET_KEY are deprecated in lieu of
MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively
- In order to rotate secrets we only need to change
MINIO_ROOT_{USER,PASSWORD}
Using this commit and the previous one affecting keycloak we can use
per-instance keys as opposed to the current state.
In order to achieve this, AVATARS_ACCESS_KEY and AVATARS_SECRET_KEY must
be set to the desired values.
The only guidelines as to how to generate ACCESS_KEY and SECRET_KEY are:
> Specify a unique, random, and long string for both the ACCESSKEY and
> SECRETKEY. Your organization may have specific internal or regulatory
> requirements around generating values for use with access or secret keys.
See:
- https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html#envvar.MINIO_ACCESS_KEY
- https://docs.min.io/minio/baremetal/security/minio-identity-management/user-management.html
merge-requests/20/head
Evilham
parent
1ba5e51c41
commit
8309771a1c
|
|
@ -28,11 +28,9 @@ services:
|
|||
- ${DATA_FOLDER}/avatars:/data
|
||||
- ${SRC_FOLDER}/avatars:/root/.minio
|
||||
environment:
|
||||
- MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE
|
||||
- MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
|
||||
- MINIO_ROOT_USER=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
|
||||
- MINIO_ROOT_PASSWORD=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}
|
||||
restart: unless-stopped
|
||||
# depends_on:
|
||||
# - ${KEYCLOAK_DB_ADDR}
|
||||
command: "server /data"
|
||||
networks:
|
||||
- dd_net
|
||||
|
|
|
|||
Loading…
Reference in New Issue