lyra_phasma/opencloud-compose
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud-compose.git synced 2026-06-08 12:10:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(keycloak): prevent env vars from being printed in logs

Browse Source 
The problem is credentials are displayed in the console, which poses a security risk in production. Printing the environment variables for log levels 'trace/debug' would help when debugging.
This commit is contained in:
aleksa.radojicic
2026-01-25 11:46:52 +01:00
parent a79de3c5ee
commit 1a231fa807
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
config/keycloak/docker-entrypoint-override.sh
View File

@@ -1,5 +1,8 @@
#!/bin/bash #!/bin/bash
printenv # print env variables for trace/debug log levels
log_level=$(printf '%s' "$KC_LOG_LEVEL" | tr '[:upper:]' '[:lower:]')
case "$log_level" in trace|debug) printenv ;; *) ;; esac
# replace openCloud domain and LDAP password in keycloak realm import # replace openCloud domain and LDAP password in keycloak realm import
mkdir /opt/keycloak/data/import mkdir /opt/keycloak/data/import
sed -e "s/cloud.opencloud.test/${OC_DOMAIN}/g" -e "s/ldap-admin-password/${LDAP_ADMIN_PASSWORD:-admin}/g" /opt/keycloak/data/import-dist/openCloud-realm.json > /opt/keycloak/data/import/openCloud-realm.json sed -e "s/cloud.opencloud.test/${OC_DOMAIN}/g" -e "s/ldap-admin-password/${LDAP_ADMIN_PASSWORD:-admin}/g" /opt/keycloak/data/import-dist/openCloud-realm.json > /opt/keycloak/data/import/openCloud-realm.json