# Variables by Secrets

Sample script that allows you to define as environment variables the name of the docker secret that contains the secret value.
It will be in charge of analyze all the environment variables searching for the placeholder to substitute the variable value
by the secret.

## Usage

You can define the next environment variables:

``` bash
$ env | grep DB_
DB_HOST=my-db-host
DB_USER=my-db-user
DB_PASS=my-db-pass
```

And nothing would happen. None of the variables would be modified when starting the container.

But if you define variables with the defined placeholder it will expand the value with the referred secret.

### Example

Create Secret
``` bash
echo "my-db-pass" | docker secret create secret-db-pass -
```

``` bash
$ env | grep DB_
DB_HOST=my-db-host
DB_USER=my-db-user
DB_PASS={{DOCKER-SECRET:secret-db-pass}}
```

When starting the script will search for the placeholder `{{DOCKER-SECRET:xxxx}}` on each
environment variable and will substitute the value by the content of the secret `xxxx`,
in this example it means to end up with:

``` bash
DB_HOST=my-db-host
DB_USER=my-db-user
DB_PASS=my-db-pass
```

### How to use it

If you want to use this feature on any image just add the env_secrets_expand.sh
file in your container entrypoint script and invoke it with `source env_secrets_expand.sh`

### How to test this

Build a sample image with the required dependency and enter into it:

``` bash
docker run --rm -v $PWD:/test -it alpine sh
```

Just emulate the creation of a secret and the example variables with the next commands:

``` bash
mkdir -p /run/secrets/
echo "my-db-pass" > /run/secrets/secret-db-pass
export DB_HOST=my-db-host
export DB_USER=my-db-user
export DB_PASS={{DOCKER-SECRET:secret-db-pass}}
```

Execute the script:

``` bash
ENV_SECRETS_DEBUG=true /test/env_secrets_expand.sh
```