Commit 9889bdd5 authored by Tan Jiang's avatar Tan Jiang

store secretkey in data volume and remove it from harbor.cfg

parent 6b8d400c
Showing with 22 additions and 11 deletions
+22 -11
......@@ -60,11 +60,6 @@ use_compressed_js = on
#Maximum number of job workers in job service
max_job_workers = 3
#Secret key for encryption/decryption of password of remote registry, its length has to be 16 chars
#**NOTE** if this changes, previously encrypted password will not be decrypted!
#Change this key before any production use.
secret_key = secretkey1234567
#The expiration time (in minute) of token created by token service, default is 30 minutes
token_expiration = 30
......@@ -92,4 +87,3 @@ crt_email = example@example.com
ssl_cert = /path/to/server.crt
ssl_cert_key = /path/to/server.key
#############
#####
......@@ -20,8 +20,6 @@ if sys.version_info[:3][0] == 3:
import io as StringIO
def validate(conf):
if len(conf.get("configuration", "secret_key")) != 16:
raise Exception("Error: The length of secret key has to be 16 characters!")
protocol = rcp.get("configuration", "ui_url_protocol")
if protocol == "https":
if not rcp.has_option("configuration", "ssl_cert"):
......@@ -35,9 +33,27 @@ def validate(conf):
if not os.path.isfile(cert_key_path):
raise Exception("Error: The path for certificate key: %s is invalid" % cert_key_path)
def get_secret_key(path):
key_file = os.path.join(path, "secretkey")
if os.path.isfile(key_file):
with open(key_file, 'r') as f:
key = f.read()
print("loaded secret key")
if len(key) != 16:
raise Exception("secret key's length has to be 16 chars, current length: %d" % len(key))
return key
if not os.path.isdir(path):
os.makedirs(path, mode=0600)
key = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16))
with open(key_file, 'w') as f:
f.write(key)
print("generated and saved secret key")
return key
parser = argparse.ArgumentParser()
parser.add_argument('-conf', dest='cfgfile', default = 'harbor.cfg',type=str,help="the path of Harbor configuration file")
parser.add_argument('-conf', dest='cfgfile', default='harbor.cfg',type=str,help="the path of Harbor configuration file")
parser.add_argument('--data-volume', dest='data_volume', default='/data/',type=str,help="the path of Harbor data volume, which is set in template of docker-compose.")
args = parser.parse_args()
#Read configurations
......@@ -94,7 +110,8 @@ crt_email = rcp.get("configuration", "crt_email")
max_job_workers = rcp.get("configuration", "max_job_workers")
token_expiration = rcp.get("configuration", "token_expiration")
verify_remote_cert = rcp.get("configuration", "verify_remote_cert")
secret_key = rcp.get("configuration", "secret_key")
#secret_key = rcp.get("configuration", "secret_key")
secret_key = get_secret_key(args.data_volume)
########
ui_secret = ''.join(random.choice(string.ascii_letters+string.digits) for i in range(16))
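Review bot: The key generated in `get_secret_key` comes from `random.choice`, which uses the non-cryptographic Mersenne Twister, and it is written with a plain `open(key_file, 'w')`, so the file's mode is left to the process umask and may be readable by other users. Drawing from `random.SystemRandom()` (present on Python 2 and 3) and creating the file with an explicit owner-only mode would address both. `os.makedirs(path, mode=0600)` also creates a directory without the execute bit, and the `0600` literal is a syntax error on Python 3 even though this script carries a Python 3 branch; `0o700` parses on 2.6+ and 3. Since the removed harbor.cfg comment says that changing the key makes previously encrypted passwords undecryptable, an upgrade path that seeds the `secretkey` file from an existing `secret_key` option may be needed; nothing visible in this change does that.

```python
def get_secret_key(path):
    # … unchanged: load and length-check an existing key file …
    if not os.path.isdir(path):
        os.makedirs(path, mode=0o700)
    rng = random.SystemRandom()
    key = ''.join(rng.choice(string.ascii_letters+string.digits) for i in range(16))
    fd = os.open(key_file, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, 'w') as f:
        f.write(key)
    # … unchanged: print and return key …
```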
......