feat: enabled loading http-api-token from file (#1728)

piksel · web-flow · commit 9f6076669264 · 2023-08-12T19:19:08.000+02:00
diff --git a/docs/arguments.md b/docs/arguments.md
@@ -27,6 +27,33 @@ In the example above, watchtower will execute an upgrade attempt on the containe
 
 When no arguments are specified, watchtower will monitor all running containers.
 
+## Secrets/Files
+
+Some arguments can also reference a file, in which case the contents of the file are used as the value.
+This can be used to avoid putting secrets in the configuration file or command line.
+
+The following arguments are currently supported (including their corresponding `WATCHTOWER_` environment variables):
+ - `notification-url`
+ - `notification-email-server-password`
+ - `notification-slack-hook-url`
+ - `notification-msteams-hook`
+ - `notification-gotify-token`
+ - `http-api-token`
+
+### Example docker-compose usage
+```yaml
+secrets:
+  access_token:
+    file: access_token
+
+services:
+  watchtower:
+    secrets:
+      - access_token
+    environment:
+      - WATCHTOWER_HTTP_API_TOKEN=/run/secrets/access_token
+```
+
 ## Help
 Shows documentation about the supported flags.
 
@@ -270,6 +297,7 @@ Environment Variable: WATCHTOWER_HTTP_API_UPDATE
 
 ## HTTP API Token
 Sets an authentication token to HTTP API requests.
+Can also reference a file, in which case the contents of the file are used.
 
 ```text
             Argument: --http-api-token
@@ -363,4 +391,4 @@ requests and may rate limit pull requests (mainly docker.io).
 Environment Variable: WATCHTOWER_WARN_ON_HEAD_FAILURE
      Possible values: always, auto, never
              Default: auto
-```
+```
diff --git a/internal/flags/flags.go b/internal/flags/flags.go
@@ -466,6 +466,7 @@ func GetSecretsFromFiles(rootCmd *cobra.Command) {
 		"notification-msteams-hook",
 		"notification-gotify-token",
 		"notification-url",
+		"http-api-token",
 	}
 	for _, secret := range secrets {
 		if err := getSecretFromFile(flags, secret); err != nil {
diff --git a/internal/flags/flags_test.go b/internal/flags/flags_test.go
@@ -90,6 +90,7 @@ func TestGetSliceSecretsFromFiles(t *testing.T) {
 func testGetSecretsFromFiles(t *testing.T, flagName string, expected string, args ...string) {
 	cmd := new(cobra.Command)
 	SetDefaults()
+	RegisterSystemFlags(cmd)
 	RegisterNotificationFlags(cmd)
 	require.NoError(t, cmd.ParseFlags(args))
 	GetSecretsFromFiles(cmd)

Original file line number	Diff line number	Diff line change
`@@ -466,6 +466,7 @@ func GetSecretsFromFiles(rootCmd *cobra.Command) {`
`466`	`466`	`"notification-msteams-hook",`
`467`	`467`	`"notification-gotify-token",`
`468`	`468`	`"notification-url",`
	`469`	`+ "http-api-token",`
`469`	`470`	`}`
`470`	`471`	`for _, secret := range secrets {`
`471`	`472`	`if err := getSecretFromFile(flags, secret); err != nil {`