zulip/puppet/zulip/files/secret-env-wrapper
Alex Vandiver 358a7fb0c6 puppet: Read camo secret at startup time, not at puppet-apply time.
Writing the secret to the supervisor configuration file makes changes
to the secret require a zulip-puppet-apply to take hold.  The Docker
image is constructed to avoid having to run zulip-puppet-apply on
startup, and indeed cannot run zulip-puppet-apply after having
configured secrets, as it has replaced the zulip.conf file with a
symlink, for example.  This means that camo gets the static secret
that was built into the image, and not the one regenerated on first
startup.

Read the camo secret at process startup time.  Because this pattern is
likely common with "12-factor" applications which can read from
environment variables, write a generic tool to map secrets to
environment variables before exec'ing a binary, and use that for Camo.
2021-12-02 09:25:00 -08:00

507 B
Executable File
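
The pattern the commit message describes (resolve named secrets into environment variables at process start, then exec the real binary), as an added example that is not Zulip's secret-env-wrapper. The INI-style `key = value` secrets file, the `ENV_NAME=secret_key ... -- command` argument form, and the names `read_secret`, `with_secret_env`, `APP_KEY` and `camo_key` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; file format, argument form and all names are assumptions.
set -eu

# read_secret FILE KEY: print the value of "KEY = value" in FILE; fail if absent.
read_secret() {
    awk -v key="$2" '
        /^[ \t]*(#|;|\[)/ { next }           # skip comments and [section] headers
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; found = 1; exit }
        }
        END { exit !found }
    ' "$1"
}

# with_secret_env FILE ENV_NAME=secret_key ... -- command [args...]
# The secret never appears in the supervisor config or in argv; it is read
# from FILE each time the process starts, so a regenerated secret is picked
# up on the next restart without re-rendering any configuration.
with_secret_env() {
    secrets_file=$1; shift
    while [ "$#" -gt 0 ]; do
        case $1 in
            --) shift; break ;;
            [A-Za-z_]*=?*)
                name=${1%%=*}; key=${1#*=}
                case $name in *[!A-Za-z0-9_]*) echo "bad variable name: $name" >&2; return 2 ;; esac
                value=$(read_secret "$secrets_file" "$key") || {
                    echo "secret not found: $key" >&2; return 1; }
                export "$name=$value"; shift ;;
            *) echo "expected ENV_NAME=secret_key or --, got: $1" >&2; return 2 ;;
        esac
    done
    [ "$#" -gt 0 ] || { echo "no command given" >&2; return 2; }
    exec "$@"                                # replace this shell with the real binary
}

# Constructed demo: each start sees whatever the file holds at that moment.
demo() {
    f=$(mktemp)
    printf '[secrets]\ncamo_key = constructed-value-1\n' > "$f"
    first=$(with_secret_env "$f" APP_KEY=camo_key -- sh -c 'printf %s "$APP_KEY"')
    printf '[secrets]\ncamo_key = constructed-value-2\n' > "$f"   # secret regenerated
    second=$(with_secret_env "$f" APP_KEY=camo_key -- sh -c 'printf %s "$APP_KEY"')
    rm -f "$f"; echo "$first $second"
}
demo
```

Failing closed on a missing secret matters here: starting the service with an empty key would be worse than not starting it.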