From 3758975b4bc6795617b81e2859228d0433960e86 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 21 Jun 2023 02:51:53 +0000 Subject: [PATCH 1/2] Import additional secrets via file uri Fixes #25034 --- modules/setting/lfs.go | 2 ++ modules/setting/oauth2.go | 2 ++ 2 files changed, 4 insertions(+) diff --git a/modules/setting/lfs.go b/modules/setting/lfs.go index 140a96f9eda8c..784a99582d4c5 100644 --- a/modules/setting/lfs.go +++ b/modules/setting/lfs.go @@ -53,6 +53,8 @@ func loadLFSFrom(rootCfg ConfigProvider) error { return nil } + LFS.JWTSecretBase64 = loadSecret(rootCfg.Section("lfs"), "LFS_JWT_SECRET_URI", "LFS_JWT_SECRET") + LFS.JWTSecretBytes = make([]byte, 32) n, err := base64.RawURLEncoding.Decode(LFS.JWTSecretBytes, []byte(LFS.JWTSecretBase64)) diff --git a/modules/setting/oauth2.go b/modules/setting/oauth2.go index 83c607a416a9c..9113d72e8e86f 100644 --- a/modules/setting/oauth2.go +++ b/modules/setting/oauth2.go @@ -116,6 +116,8 @@ func loadOAuth2From(rootCfg ConfigProvider) { return } + OAuth2.JWTSecretBase64 = loadSecret(rootCfg.Section("oauth2"), "JWT_SECRET_URI", "JWT_SECRET") + if !filepath.IsAbs(OAuth2.JWTSigningPrivateKeyFile) { OAuth2.JWTSigningPrivateKeyFile = filepath.Join(AppDataPath, OAuth2.JWTSigningPrivateKeyFile) } From b7305381779319fa277126163c8a2a56dcab54ea Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 21 Jun 2023 14:33:59 +0000 Subject: [PATCH 2/2] update log message --- modules/setting/security.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/setting/security.go b/modules/setting/security.go index c39eb7f3ebd6a..5f1f9f4ade894 100644 --- a/modules/setting/security.go +++ b/modules/setting/security.go @@ -76,7 +76,7 @@ func loadSecret(sec ConfigSection, uriKey, verbatimKey string) string { // only file URIs are allowed default: - log.Fatal("Unsupported URI-Scheme %q (INTERNAL_TOKEN_URI = %q)", tempURI.Scheme, uri) + log.Fatal("Unsupported URI-Scheme %q (%q = %q)", tempURI.Scheme, uriKey, uri) return "" } }