Commit 9889bdd5 authored by Tan Jiang's avatar Tan Jiang

store secretkey in data volume and remove it from harbor.cfg

parent 6b8d400c
Showing with 22 additions and 11 deletions
+22 -11
......@@ -60,11 +60,6 @@ use_compressed_js = on
#Maximum number of job workers in job service
max_job_workers = 3
#Secret key for encryption/decryption of password of remote registry, its length has to be 16 chars
#**NOTE** if this changes, previously encrypted password will not be decrypted!
#Change this key before any production use.
secret_key = secretkey1234567
#The expiration time (in minute) of token created by token service, default is 30 minutes
token_expiration = 30
......@@ -92,4 +87,3 @@ crt_email = example@example.com
ssl_cert = /path/to/server.crt
ssl_cert_key = /path/to/server.key
#############
#####
......@@ -20,8 +20,6 @@ if sys.version_info[:3][0] == 3:
import io as StringIO
def validate(conf):
if len(conf.get("configuration", "secret_key")) != 16:
raise Exception("Error: The length of secret key has to be 16 characters!")
protocol = rcp.get("configuration", "ui_url_protocol")
if protocol == "https":
if not rcp.has_option("configuration", "ssl_cert"):
......@@ -35,9 +33,27 @@ def validate(conf):
if not os.path.isfile(cert_key_path):
raise Exception("Error: The path for certificate key: %s is invalid" % cert_key_path)
def get_secret_key(path):
key_file = os.path.join(path, "secretkey")
if os.path.isfile(key_file):
with open(key_file, 'r') as f:
key = f.read()
print("loaded secret key")
if len(key) != 16:
raise Exception("secret key's length has to be 16 chars, current length: %d" % len(key))
return key
if not os.path.isdir(path):
os.makedirs(path, mode=0600)
key = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16))
with open(key_file, 'w') as f:
f.write(key)
print("generated and saved secret key")
return key
parser = argparse.ArgumentParser()
parser.add_argument('-conf', dest='cfgfile', default = 'harbor.cfg',type=str,help="the path of Harbor configuration file")
parser.add_argument('-conf', dest='cfgfile', default='harbor.cfg',type=str,help="the path of Harbor configuration file")
parser.add_argument('--data-volume', dest='data_volume', default='/data/',type=str,help="the path of Harbor data volume, which is set in template of docker-compose.")
args = parser.parse_args()
#Read configurations
......@@ -94,7 +110,8 @@ crt_email = rcp.get("configuration", "crt_email")
max_job_workers = rcp.get("configuration", "max_job_workers")
token_expiration = rcp.get("configuration", "token_expiration")
verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
secret_key = rcp.get("configuration", "secret_key")
#secret_key = rcp.get("configuration", "secret_key")
secret_key = get_secret_key(args.data_volume)
########
ui_secret = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16))
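Review bot: In `get_secret_key` the new key is written with a plain `open(key_file, 'w')`, so the file's permissions depend on the process umask (often world-readable), and the key is drawn from `random.choice`, which is not a cryptographic generator. Per the comment removed from harbor.cfg, this key encrypts stored remote-registry passwords, so both the file mode and the randomness source matter. Separately, `os.makedirs(path, mode=0600)` creates the directory without the search bit, so a non-root caller could not then create `secretkey` inside it. The `0600` literal is also a syntax error on Python 3, which the `sys.version_info` check suggests the script means to support. I would use `0o700` for the directory, create the file with an explicit `0o600` mode and take the characters from `random.SystemRandom()`, as sketched below with conventional indentation since the page has lost the original.

```python
def get_secret_key(path):
    # … unchanged: build key_file, load and length-check an existing key …
    if not os.path.isdir(path):
        os.makedirs(path, mode=0o700)
    rng = random.SystemRandom()
    key = ''.join(rng.choice(string.ascii_letters+string.digits) for i in range(16))
    # Create the file owner-only; O_EXCL refuses to reuse a path that appeared meanwhile.
    fd = os.open(key_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, 'w') as f:
        f.write(key)
    # … unchanged: print and return key …
```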
......