[sso-avatars] Also use env var for minio container
From minio's documentation:
- MINIO_ACCESS_KEY and MINIO_SECRET_KEY are deprecated in lieu of
MINIO_ROOT_USER and MINIO_ROOT_PASSWORD respectively
- In order to rotate secrets we only need to change
MINIO_ROOT_{USER,PASSWORD}
Using this commit and the previous one affecting keycloak we can use
per-instance keys as opposed to the current state.
In order to achieve this, AVATARS_ACCESS_KEY and AVATARS_SECRET_KEY must
be set to the desired values.
The only guidelines as to how to generate ACCESS_KEY and SECRET_KEY are:
> Specify a unique, random, and long string for both the ACCESSKEY and
> SECRETKEY. Your organization may have specific internal or regulatory
> requirements around generating values for use with access or secret keys.
See:
- https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html#envvar.MINIO_ACCESS_KEY
- https://docs.min.io/minio/baremetal/security/minio-identity-management/user-management.html
mejoras_instalacion
Evilham
parent
1ba5e51c41
commit
8309771a1c
|
|
@ -28,11 +28,9 @@ services:
|
||||||
- ${DATA_FOLDER}/avatars:/data
|
- ${DATA_FOLDER}/avatars:/data
|
||||||
- ${SRC_FOLDER}/avatars:/root/.minio
|
- ${SRC_FOLDER}/avatars:/root/.minio
|
||||||
environment:
|
environment:
|
||||||
- MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE
|
- MINIO_ROOT_USER=${AVATARS_ACCESS_KEY:-AKIAIOSFODNN7EXAMPLE}
|
||||||
- MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
|
- MINIO_ROOT_PASSWORD=${AVATARS_SECRET_KEY:-wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
# depends_on:
|
|
||||||
# - ${KEYCLOAK_DB_ADDR}
|
|
||||||
command: "server /data"
|
command: "server /data"
|
||||||
networks:
|
networks:
|
||||||
- dd_net
|
- dd_net
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue