From f4d04e6805124410122b30382849e11ec96b475c Mon Sep 17 00:00:00 2001
From: Olivier Pichon <op@dzangolab.com>
Date: Sat, 1 May 2021 16:24:48 +0700
Subject: [PATCH] feat(mysql-backup-s3): add support for Docker secrets

Mysql password can be supplied via `MYSQL_PASSWORD_FILE` which points to a file containing the Mysql password. This would typically be `/run/secrets/mysql-password`, where `mysql-passwrd` is a Docker secret containing the password.

S3 secret access key can be supplied via `S3_SECRET_ACCESS_KEY_FILE`, which points to a file containing the secret access key. This would typically be `/run/secrets/s3-secret-access-key`, where `s3-secret-access-key` is a Docker secret containing the secret access key.
---
 mysql-backup-s3/README.md | 2 ++
 mysql-backup-s3/backup.sh | 8 ++++++++
 2 files changed, 10 insertions(+)

diff --git a/mysql-backup-s3/README.md b/mysql-backup-s3/README.md
index bb0d3f7..2ca67c4 100644
--- a/mysql-backup-s3/README.md
+++ b/mysql-backup-s3/README.md
@@ -16,8 +16,10 @@ $ docker run -e S3_ACCESS_KEY_ID=key -e S3_SECRET_ACCESS_KEY=secret -e S3_BUCKET
 - `MYSQL_PORT` the mysql port (default: 3306)
 - `MYSQL_USER` the mysql user *required*
 - `MYSQL_PASSWORD` the mysql password *required*
+- `MYSQL_PASSWORD_FILE` path to file containing the mysql password; alternative to `MYSQL_PASSWORD`
 - `S3_ACCESS_KEY_ID` your AWS access key *required*
 - `S3_SECRET_ACCESS_KEY` your AWS secret key *required*
+- `S3_SECRET_ACCESS_KEY_FILE` path to file containing  your AWS secret key; alternative to `S3_SECRET_ACCESS_KEYs`
 - `S3_BUCKET` your AWS S3 bucket path *required*
 - `S3_PREFIX` path prefix in your bucket (default: 'backup')
 - `S3_FILENAME` a consistent filename to overwrite with your backup.  If not set will use a timestamp.
diff --git a/mysql-backup-s3/backup.sh b/mysql-backup-s3/backup.sh
index eb604e4..75b0cb3 100644
--- a/mysql-backup-s3/backup.sh
+++ b/mysql-backup-s3/backup.sh
@@ -2,6 +2,14 @@
 
 set -e
 
+if [ -n "${MYSQL_PASSWORD_FILE}" ]; then
+  export MYSQL_PASSWORD=$(cat $MYSQL_PASSWORD_FILE)
+fi
+
+if [ -n "${S3_SECRET_ACCESS_KEY_FILE}" ]; then
+  export S3_SECRET_ACCESS_KEY=$(cat $S3_SECRET_ACCESS_KEY_FILE)
+fi
+
 if [ "${S3_ACCESS_KEY_ID}" == "**None**" ]; then
   echo "Warning: You did not set the S3_ACCESS_KEY_ID environment variable."
 fi