[Bug]: Docker secrets (with var _file) does not work anymore

[goegol]

What is your set up?

Cloud Hosted

Version

3.3.0

Describe the issue

When i try version 3.2.x and 3.3.0 i got the error Cannot connect to database in browser.
When i do the downgrade to 3.1.4, every thing works fine.
When i check the logs of my database i see that leantime tried to login without an password.
2024-11-03 14:36:09 3 [Warning] Access denied for user 'leantime'@'10.0.7.11' (using password: NO)
In my docker-compose im using the option LEAN_DB_PASSWORD_FILE (so as described in manual).

See also my note in bug #2735

When i do a downgrade to 3.1.4, every thing is working fine again.

Reproduction steps

1. Spinup leantime 3.2.x or 3.3.0
2. Use docker swarm with secrets support.
3. use the env var: LEAN_DB_PASSWORD_FILE
4. Leantime cant connect to db

Additional Notes

Please let me know if i can assist with testing.

[marcelfolaron]

Just to confirm it sounds like you are using docker swarm? I have not tested the set up in docker swarm and have limited knowledge about the underlying infrastructure.

What are you referring to with this string LEAN_DB_PASSWORD_FILE ? Are you referring to the environment file or the environment variable?
In the docker compose file we ship with docker the filename is .env https://github.com/Leantime/docker-leantime/blob/master/docker-compose.yml

If you are referring to the password variable for the database however it should be LEAN_DB_PASSWORD (no _file at the end). The full list of env variables is in our samples file: https://github.com/Leantime/docker-leantime/blob/master/sample.env

[gtridr]

I'm actually experiencing the same issue, in normal docker compose

If i set LEAN_DB_PASSWORD=MyPlaintextPassword in .env file, everything works fine.

When trying to use secrets, LEAN_DB_PASSWORD_FILE does not, despite secret being properly populated to a /run/secrets file, load the password from the file during bootstrap.

Instead, the app throws an exception resulting in the same error stated by OP:
[Warning] Access denied for user 'lean'@'[IP]' (using password: NO)

I logged into the container, and, assuming LEAN_DB_PASSWORD_FILE is set to /run/secrets/mysql-user-pass :

cat ${LEAN_DB_PASSWORD_FILE} does expand to the contents of /run/secrets/mysql-user-pass

[hhemelaa]

See also in the readme under subject docker secrets: https://github.com/Leantime/docker-leantime/blob/master/README.md

So in readme it's saying that's is supported by leantime.
@marcelfolaron

[marcelfolaron]

Ah, I see. Yeah the checks for the _FILE reference got lost in our start shell script. I have a PR ready to add them back and will rebuild the images: Leantime/docker-leantime#89

[gtridr]

I can open a new issue, but I'd love to see support for a few additional environment vars being passed to the bootstrap script via secrets
namely: LEAN_REDIS_PASSWORD
but also:

LEAN_DB_HOST
LEAN_DB_DATABASE
LEAN_DB_USER
LEAN_EMAIL_SMTP_USERNAME

the less info about my infrastructure i can (even potentially) expose, the better

[goegol]

In Leantime/docker-leantime#90 i added all the _FILE