From f4119771e1b30dad397fa05426b2f1f632e4877b Mon Sep 17 00:00:00 2001
From: paspo <paolo@asperti.com>
Date: Mon, 4 Dec 2023 17:26:06 +0100
Subject: [PATCH] secrets support

---
 README.md                    |  1 +
 src/rootfs/app/entrypoint.sh | 16 +++++++++++++---
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 743e6ee..25ce33b 100644
--- a/README.md
+++ b/README.md
@@ -18,6 +18,7 @@ services:
       - /dev/net/tun # needed for tap access
     environment:
       VPN_PASSWORD: "ThePassw0rd"
+#      VPN_PASSWORD_FILE: /run/secrets/MYPASSWD # example with docker secrets file
       SERVER: vpn.server.it
       LIC_FILE: /config/vpn.lic
     volumes:
diff --git a/src/rootfs/app/entrypoint.sh b/src/rootfs/app/entrypoint.sh
index 9985e03..9cec289 100755
--- a/src/rootfs/app/entrypoint.sh
+++ b/src/rootfs/app/entrypoint.sh
@@ -18,18 +18,28 @@ CONFIGFILE="${CONFIGDIR}/barracudavpn.conf"
 
 mkdir -p "${CONFIGDIR}"
 
-if [ -z "${VPN_PASSWORD}" ]; then
-    echo "You need to specify the password (VPN_PASSWORD env variable)"
+if [ -z "${VPN_PASSWORD}${VPN_PASSWORD_FILE}" ]; then
+    echo "You need to specify the password (VPN_PASSWORD or VPN_PASSWORD_FILE env variable)"
     exit 1
 fi
 
+if [ ! -z "${VPN_PASSWORD_FILE}" ]; then
+    if [ ! -r "${LIC_FILE}" ]; then
+        echo "The specified password file (${VPN_PASSWORD_FILE}) is not readable"
+        exit 1
+    fi
+fi
+
+VPN_PASSWORD_FILE_CONTENT=$(cat "${VPN_PASSWORD_FILE}")
+VPN_PASSWORD=${VPN_PASSWORD:-$VPN_PASSWORD_FILE_CONTENT}
+
 if [ -z "${LIC_FILE}" ]; then
     echo "You need to specify the path to the license file (LIC_FILE env variable)"
     exit 1
 fi
 
 if [ ! -r "${LIC_FILE}" ]; then
-    echo "The license file is not readable"
+    echo "The license file (${LIC_FILE}) is not readable"
     exit 1
 fi