Use secret seed for internal database passwords
Getting root-only read permissions into the Postgres image would
be tricky due to its init script nature. But it isn't exposed to
the outside anyway.
diff --git a/postgres/docker/entrypoint b/postgres/docker/entrypoint
index 1782d31..be591bc 100644
--- a/postgres/docker/entrypoint
+++ b/postgres/docker/entrypoint
@@ -2,16 +2,7 @@
set -e
+# This master password won't be known to anyone
export POSTGRES_PASSWORD=$(mktemp -u XXXXXXXXXXXXXXXX)
-kc_secret=/tmp/passwd/keycloak/secret
-{
- if [ ! -f ${kc_secret} ]; then
- mkdir -p $(dirname ${kc_secret})
- echo $(mktemp -u XXXXXXXXXXXXXXXX) >${kc_secret}
- fi
- chown root:postgres ${kc_secret}
- chmod 444 ${kc_secret}
-}
-
exec docker-entrypoint.sh "$@"
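Review bot: The comment added above `export POSTGRES_PASSWORD=$(mktemp -u XXXXXXXXXXXXXXXX)` promises a password nobody knows, but `mktemp -u` is a unique-name generator whose randomness quality depends on the implementation and is not guaranteed to be cryptographic. Drawing the value from the kernel CSPRNG would make the comment hold: `POSTGRES_PASSWORD=$(od -An -tx1 -N16 /dev/urandom | tr -d ' \n')` followed by `export POSTGRES_PASSWORD`. Keeping `export` on its own line also stops it from masking the substitution's exit status under `set -e`. The value is still handed to `docker-entrypoint.sh` and its children through the environment, so the comment would be more accurate as `# Random master password; never stored, but present in the environment of processes in this container`.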