[sso-avatars] Also use env var for minio container

From minio's documentation:
- MINIO_ACCESS_KEY and MINIO_SECRET_KEY are deprecated in lieu of
  MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively
- In order to rotate secrets we only need to change
  MINIO_ROOT_{USER,PASSWORD}

Using this commit and the previous one affecting keycloak we can use
per-instance keys as opposed to the current state.
In order to achieve this, AVATARS_ACCESS_KEY and AVATARS_SECRET_KEY must
be set to the desired values.

The only guidelines as to how to generate ACCESS_KEY and SECRET_KEY are:

> Specify a unique, random, and long string for both the ACCESSKEY and
> SECRETKEY. Your organization may have specific internal or regulatory
> requirements around generating values for use with access or secret keys.

See:
- https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html#envvar.MINIO_ACCESS_KEY
- https://docs.min.io/minio/baremetal/security/minio-identity-management/user-management.html
mejoras_instalacion
Evilham 2022-08-08 09:40:51 +02:00
parent 1ba5e51c41
commit 8309771a1c
No known key found for this signature in database
GPG Key ID: AE3EE30D970886BF
1 changed files with 2 additions and 4 deletions

View File

@ -28,11 +28,9 @@ services:
- ${DATA_FOLDER}/avatars:/data - ${DATA_FOLDER}/avatars:/data
- ${SRC_FOLDER}/avatars:/root/.minio - ${SRC_FOLDER}/avatars:/root/.minio
environment: environment:
- MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE - MINIO_ROOT_USER=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
- MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY - MINIO_ROOT_PASSWORD=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}
restart: unless-stopped restart: unless-stopped
# depends_on:
# - ${KEYCLOAK_DB_ADDR}
command: "server /data" command: "server /data"
networks: networks:
- dd_net - dd_net