Secret Access Token

[wymangr]

Maybe I'm missing a way to do this, but I'm trying to keep my Azure DevOps Access Token out of the docker-compose file. In other instances, I've stored it as a "secret", then create a custom entrypoint that set's the env variable based on that secret. Here's an example:

docker-compose.yml

version: '3.5'
services:
  azure-devops-exporter:
    image: webdevops/azure-devops-exporter:21.5.0
    container_name: azure-devops-exporter
    entrypoint: /entrypoint
    environment:
      - AZURE_DEVOPS_URL=https://dev.azure.com/org
      - AZURE_DEVOPS_ORGANISATION=org
      - SCRAPE_TIME_PULLREQUEST=30s
    restart: unless-stopped
    volumes:
      - ./entrypoint.sh:/entrypoint
    ports:
      - 8080:8080
    secrets:
      - devops_token
secrets:
  devops_token:
    file: ./secrets/devops_token

entrypoint.sh

#!/bin/bash -e

export AZURE_DEVOPS_ACCESS_TOKEN=$(cat /run/secrets/devops_token)

/azure-devops-exporter

The problem is, because this is a "distroless" container there is no shell to execute the custom entrypoint. Is there another way to pass in my access token without putting it in the docker-compose file? I know some other images support putting "__FILE" at the end of the env variable to pass in a file for the variable like this:

environment:
  - AZURE_DEVOPS_ACCESS_TOKEN__FILE=/run/secrets/devops_token

But that doesn't look like it's supported in this image.

Thanks for the help!

[wymangr]

I ended up just creating my own Dockerfile using the Centos image. I think being able to add a secret token to your Dockerfile would be a good feature, if you disagree, feel free to close out this issue.