Feature Description
Add the env variable AGENT_TOKEN_FILE to give the agent a more secure way of transmitting the token.
Problem It Solves
The security problem that you have to write your secret into the compose file.
Proposed Solution
Set an env variable named AGENT_TOKEN_FILE and give it the path from which the token can be read.
...
    restart: unless-stopped
    environment:
      - AGENT_TOKEN_FILE=/run/secrets/AGENT_TOKEN
...
secrets:
  AGENT_TOKEN:
    external: true
Alternatives Considered
Workaround until it's implemented:
# Edge agent - connects outbound, no exposed ports required
services:
  # arcane agent
  arcane-edge-agent:
    image: ghcr.io/getarcaneapp/arcane-headless:latest
    container_name: arcane-edge-agent
    restart: unless-stopped
    environment:
      - EDGE_AGENT=true
      - MANAGER_API_URL=http://xxx.xxx.xxx.xxx:nnnn
      - LOG_LEVEL=warn
      - LISTEN=xxx.xxx.xxx.xxx
    volumes:
      - /run/user/xxxx/podman/podman.sock:/var/run/docker.sock
      - /home/runner/arcane-agent:/app/data
      - /proc:/proc
      - /etc/localtime:/etc/localtime
    command: bash -c 'declare -x AGENT_TOKEN=$(cat /run/secrets/AGENT_TOKEN) && ./arcane-agent'
    network_mode: bridge
    secrets:
      - AGENT_TOKEN
    ports:
      - xxx.xxx.xxx.xxx:nnnn:nnnn
secrets:
  AGENT_TOKEN:
    external: true
The part that makes it work is:
command: bash -c 'declare -x AGENT_TOKEN=$(cat /run/secrets/AGENT_TOKEN) && ./arcane-agent'
Additional Context
No response
Would you be willing to work on this feature?
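
One way the requested AGENT_TOKEN_FILE behaviour could be handled by a wrapper entrypoint, shown as an added example that is not part of the original issue or Arcane's own code. The function name `resolve_agent_token` and the wrapper itself are hypothetical; only the variable names and `./arcane-agent` come from the issue.

```shell
#!/bin/sh
# Added example (not Arcane code): load AGENT_TOKEN from the file named by
# AGENT_TOKEN_FILE, then start the command given as arguments.
# resolve_agent_token is a hypothetical helper name.

resolve_agent_token() {
    # Refuse ambiguous configuration: only one token source may be set.
    if [ -n "${AGENT_TOKEN:-}" ] && [ -n "${AGENT_TOKEN_FILE:-}" ]; then
        echo "error: AGENT_TOKEN and AGENT_TOKEN_FILE are both set" >&2
        return 1
    fi

    # No file configured: leave the environment untouched.
    [ -n "${AGENT_TOKEN_FILE:-}" ] || return 0

    # Fail closed if the secret is not mounted or not readable.
    if [ ! -f "$AGENT_TOKEN_FILE" ] || [ ! -r "$AGENT_TOKEN_FILE" ]; then
        echo "error: cannot read $AGENT_TOKEN_FILE" >&2
        return 1
    fi

    # Command substitution strips the trailing newline most secret files carry.
    AGENT_TOKEN=$(cat "$AGENT_TOKEN_FILE") || return 1
    if [ -z "$AGENT_TOKEN" ]; then
        echo "error: $AGENT_TOKEN_FILE is empty" >&2
        return 1
    fi

    export AGENT_TOKEN
    # Drop the path so the child process sees a single token source.
    unset AGENT_TOKEN_FILE
}

# When used as an entrypoint, e.g. `entrypoint.sh ./arcane-agent`,
# resolve the token and replace this shell with the agent process.
if [ "$#" -gt 0 ]; then
    resolve_agent_token || exit 1
    exec "$@"
fi
```

Like the `bash -c` workaround, this keeps the token out of the compose file, but the value still ends up in the agent's process environment; reading the file inside the agent itself would avoid that.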