File tree Expand file tree Collapse file tree
security/hashicorp-vault/tools Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ FROM node:alpine AS build
2+
3+ WORKDIR /app
4+
5+ COPY package.json package-lock.json ./
6+
7+ RUN npm ci
8+
9+ COPY . .
10+
11+ RUN npm run build
12+
113FROM node:alpine
214
3- RUN apk add jq curl && adduser -D auth
15+ RUN apk add jq curl
16+
17+ WORKDIR /app
18+
19+ COPY --from=build /app/dist ./dist
20+ COPY --from=build /app/node_modules ./node_modules
21+
22+ COPY --chmod=700 ./devops/backend-services/auth/auth.sh /usr/local/bin/auth.sh
23+
24+ RUN adduser -D auth && \
25+ chown -R auth:auth /app && \
26+ chown auth:auth /usr/local/bin/auth.sh
427
5- COPY --chown= auth:auth --chmod=700 ./auth.sh /usr/local/bin/auth.sh
28+ USER auth
629
730ENTRYPOINT ["auth.sh" ]
Original file line number Diff line number Diff line change @@ -12,4 +12,4 @@ export DATABASE_URL=$(jq -r .data.data.database_url /tmp/data)
1212
1313rm -f /tmp/data
1414
15- exec node
15+ exec node /app/dist/main.js
Original file line number Diff line number Diff line change 22
33set -eu
44
5- curl -X GET http://vault:6666 /v1/secret/data/postgres --header " X-Vault-Token: $( jq -r .auth.client_token < /token/token) " --silent --output /token/data
5+ curl -X GET http://vault:$PORT_VAULT /v1/secret/data/postgres --header " X-Vault-Token: $( jq -r .auth.client_token < /token/token) " --silent --output /token/data
66
77jq -r .data.data.password < /token/data > /token/passfile
88
@@ -22,7 +22,7 @@ rm -rf /token/passfile
2222
2323pg_ctl -o " -p $PGPORT -c listen_addresses='*'" start
2424
25- echo " host all all 0.0.0.0/0 scram-sha-256" >> /var/lib/postgresql/18/docker /pg_hba.conf
25+ echo " host all all 0.0.0.0/0 scram-sha-256" >> $PGDATA /pg_hba.conf
2626
2727export PGPASSWORD=$( jq -r .data.data.password < /token/data)
2828createdb -U $( jq -r .data.data.username < /token/data) prisma
Original file line number Diff line number Diff line change @@ -17,7 +17,7 @@ vault policy write postgres /tools/policy.hcl > /dev/null
1717
1818DB_PASS=$( openssl rand -hex 12)
1919DB_USER=$( openssl rand -hex 12)
20- DATABASE_URL=" postgresql://${DB_USER} :${DB_PASS} @localhost :${PORT_POSTGRES} /prisma?schema=public"
20+ DATABASE_URL=" postgresql://${DB_USER} :${DB_PASS} @database :${PORT_POSTGRES} /prisma?schema=public"
2121
2222vault kv put -mount=secret postgres username=" $DB_USER " password=" $DB_PASS " database_url=" $DATABASE_URL " > /dev/null
2323
Original file line number Diff line number Diff line change @@ -20,8 +20,12 @@ services:
2020 retries : 3
2121 restart : on-failure
2222 auth :
23- build : ./backend-services/auth/
23+ build :
24+ context : ../../
25+ dockerfile : devops/backend-services/auth/Dockerfile
2426 container_name : auth
27+ env_file :
28+ - .env
2529 networks :
2630 - saas
2731 volumes :
You can’t perform that action at this time.
0 commit comments