diff --git a/internal/configuration/reader.go b/internal/configuration/reader.go index 52f86d817..725bcfda3 100644 --- a/internal/configuration/reader.go +++ b/internal/configuration/reader.go @@ -19,7 +19,17 @@ func check(e error) { func Read(configPath string) (*schema.Configuration, []error) { viper.SetEnvPrefix("AUTHELIA") viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_")) - viper.AutomaticEnv() + + // we need to bind all env variables as long as https://github.com/spf13/viper/issues/761 + // is not resolved. + viper.BindEnv("jwt_secret") + viper.BindEnv("duo_api.secret_key") + viper.BindEnv("session.secret") + viper.BindEnv("authentication_backend.ldap.password") + viper.BindEnv("notifier.smtp.password") + viper.BindEnv("session.redis.password") + viper.BindEnv("storage.mysql.password") + viper.BindEnv("storage.postgres.password") viper.SetConfigFile(configPath) diff --git a/internal/configuration/reader_test.go b/internal/configuration/reader_test.go index 7d802fe16..5e455e611 100644 --- a/internal/configuration/reader_test.go +++ b/internal/configuration/reader_test.go @@ -9,11 +9,14 @@ import ( ) func TestShouldParseConfigFile(t *testing.T) { - err := os.Setenv("AUTHELIA_JWT_SECRET", "secret_from_env") - require.NoError(t, err) - - err = os.Setenv("AUTHELIA_DUO_API_SECRET_KEY", "duo_secret_from_env") - require.NoError(t, err) + require.NoError(t, os.Setenv("AUTHELIA_JWT_SECRET", "secret_from_env")) + require.NoError(t, os.Setenv("AUTHELIA_DUO_API_SECRET_KEY", "duo_secret_from_env")) + require.NoError(t, os.Setenv("AUTHELIA_SESSION_SECRET", "session_secret_from_env")) + require.NoError(t, os.Setenv("AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD", "ldap_secret_from_env")) + require.NoError(t, os.Setenv("AUTHELIA_NOTIFIER_SMTP_PASSWORD", "smtp_secret_from_env")) + require.NoError(t, os.Setenv("AUTHELIA_SESSION_REDIS_PASSWORD", "redis_secret_from_env")) + require.NoError(t, os.Setenv("AUTHELIA_STORAGE_MYSQL_PASSWORD", "mysql_secret_from_env")) + require.NoError(t, os.Setenv("AUTHELIA_STORAGE_POSTGRES_PASSWORD", "postgres_secret_from_env")) config, errors := Read("./test_resources/config.yml") @@ -29,6 +32,13 @@ func TestShouldParseConfigFile(t *testing.T) { assert.Equal(t, "ABCDEF", config.DuoAPI.IntegrationKey) assert.Equal(t, "duo_secret_from_env", config.DuoAPI.SecretKey) + assert.Equal(t, "session_secret_from_env", config.Session.Secret) + assert.Equal(t, "ldap_secret_from_env", config.AuthenticationBackend.Ldap.Password) + assert.Equal(t, "smtp_secret_from_env", config.Notifier.SMTP.Password) + assert.Equal(t, "redis_secret_from_env", config.Session.Redis.Password) + assert.Equal(t, "mysql_secret_from_env", config.Storage.MySQL.Password) + assert.Equal(t, "postgres_secret_from_env", config.Storage.PostgreSQL.Password) + assert.Equal(t, "deny", config.AccessControl.DefaultPolicy) assert.Len(t, config.AccessControl.Rules, 11) } diff --git a/internal/configuration/test_resources/config.yml b/internal/configuration/test_resources/config.yml index 3ba389a5f..8bedc2845 100644 --- a/internal/configuration/test_resources/config.yml +++ b/internal/configuration/test_resources/config.yml @@ -4,7 +4,6 @@ host: 127.0.0.1 port: 9091 -jwt_secret: unsecure_secret logs_level: debug default_redirection_url: https://home.example.com:8080/ @@ -15,7 +14,6 @@ totp: duo_api: hostname: api-123456789.example.com integration_key: ABCDEF - secret_key: 1234567890abcdefghifjkl authentication_backend: ldap: @@ -28,7 +26,6 @@ authentication_backend: group_name_attribute: cn mail_attribute: mail user: cn=admin,dc=example,dc=com - password: password access_control: default_policy: deny @@ -90,14 +87,12 @@ access_control: session: name: authelia_session - secret: unsecure_session_secret expiration: 3600000 # 1 hour inactivity: 300000 # 5 minutes domain: example.com redis: host: 127.0.0.1 port: 6379 - password: authelia regulation: max_retries: 3 @@ -110,12 +105,10 @@ storage: port: 3306 database: authelia username: authelia - password: authelia notifier: smtp: username: test - password: password host: 127.0.0.1 port: 1025 sender: admin@example.com