Skip to content

Commit 4beffe0

Browse files
leojonathanohleojonathanoh
authored
Merge pull request #19 from theohbrothers/docs/readme-add-secrets-section-about-how-to-separate-configuration-from-secrets
Docs (readme): Add Secrets section about how to separate configuration from secrets
2 parents 58f87dd + de98fbf commit 4beffe0

File tree

2 files changed

+36
-0
lines changed

2 files changed

+36
-0
lines changed

README.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -170,6 +170,24 @@ For cron-based sync and backup with notifications, see `docker-compose` example(
170170
- [Cron-based sync and backup (same container) with curl notifications](docs/examples/cron-sync-backup)
171171
- [Cron-based sync and backup (separate containers) with curl notifications](docs/examples/cron-sync-backup-separate)
172172

173+
### Secrets
174+
175+
Instead of typing secrets as plain text in `/mbsyncrc` config file for the `User` and `Pass` options of `IMAPStore` (or `IMAPAccount`), use `UserCmd` or `PassCmd` which accepts a [shell command](https://isync.sourceforge.io/mbsync.html). This helps to separate configuration from secrets.
176+
177+
For example, if secrets are bind mounted as files in `/run/secrets/user` and `/run/secrets/pass`, use the following:
178+
179+
```sh
180+
UserCmd "cat /run/secrets/user"
181+
PassCmd "cat /run/secrets/pass"
182+
```
183+
184+
If secrets are in environment variables `IMAP_USER` and `IMAP_PASS`, use the following:
185+
186+
```sh
187+
UserCmd "echo $IMAP_USER"
188+
PassCmd "echo $IMAP_PASS"
189+
```
190+
173191
### Command line usage
174192

175193
To view command line usage:

generate/templates/README.md.ps1

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -185,6 +185,24 @@ For cron-based sync and backup with notifications, see `docker-compose` example(
185185
- [Cron-based sync and backup (same container) with curl notifications](docs/examples/cron-sync-backup)
186186
- [Cron-based sync and backup (separate containers) with curl notifications](docs/examples/cron-sync-backup-separate)
187187
188+
### Secrets
189+
190+
Instead of typing secrets as plain text in `/mbsyncrc` config file for the `User` and `Pass` options of `IMAPStore` (or `IMAPAccount`), use `UserCmd` or `PassCmd` which accepts a [shell command](https://isync.sourceforge.io/mbsync.html). This helps to separate configuration from secrets.
191+
192+
For example, if secrets are bind mounted as files in `/run/secrets/user` and `/run/secrets/pass`, use the following:
193+
194+
```sh
195+
UserCmd "cat /run/secrets/user"
196+
PassCmd "cat /run/secrets/pass"
197+
```
198+
199+
If secrets are in environment variables `IMAP_USER` and `IMAP_PASS`, use the following:
200+
201+
```sh
202+
UserCmd "echo $IMAP_USER"
203+
PassCmd "echo $IMAP_PASS"
204+
```
205+
188206
### Command line usage
189207
190208
To view command line usage:

0 commit comments

Comments
 (0)