From c04af737b46f1ad0e48edc839e492182564d69a2 Mon Sep 17 00:00:00 2001
From: jbpaux <9682558+jbpaux@users.noreply.github.com>
Date: Fri, 24 Dec 2021 17:13:23 +0100
Subject: [PATCH] GUACAMOLE-1418: Make use of secrets files clearer

---
 guacamole-docker/README.md    | 34 +++++++++++++++++++++-------------
 guacamole-docker/bin/start.sh | 18 +++++++++++++++---
 2 files changed, 36 insertions(+), 16 deletions(-)

diff --git a/guacamole-docker/README.md b/guacamole-docker/README.md
index 606269f16..0f6200f89 100644
--- a/guacamole-docker/README.md
+++ b/guacamole-docker/README.md
@@ -166,16 +166,6 @@ documented in
 Deploying Guacamole with SQLServer authentication
 --------------------------------------------------
 
-    docker run --name some-guacamole --link some-guacd:guacd \
-        --link some-sqlserver:sqlserver      \
-        -e SQLSERVER_DATABASE=guacamole_db  \
-        -e SQLSERVER_USER=guacamole_user    \
-        -e SQLSERVER_PASSWORD=some_password \
-        -e SQLSERVER_DATABASE_FILE=/run/secrets/<secret_name> \
-        -e SQLSERVER_USER_FILE=/run/secrets/<secret_name> \
-        -e SQLSERVER_PASSWORD_FILE=/run/secrets/<secret_name> \
-        -d -p 8080:8080 guacamole/guacamole
-
 Linking Guacamole to SQLServer requires three environment variables. If any of
 these environment variables are omitted, you will receive an error message, and
 the image will stop:
@@ -185,14 +175,32 @@ the image will stop:
 2. `SQLSERVER_USER` - The user that Guacamole will use to connect to SQLServer.
 3. `SQLSERVER_PASSWORD` - The password that Guacamole will provide when
    connecting to SQLServer as `SQLSERVER_USER`.
-4. `SQLSERVER_DATABASE_FILE` - The path of the docker secret containing the name
+
+    docker run --name some-guacamole --link some-guacd:guacd \
+        --link some-sqlserver:sqlserver      \
+        -e SQLSERVER_DATABASE=guacamole_db  \
+        -e SQLSERVER_USER=guacamole_user    \
+        -e SQLSERVER_PASSWORD=some_password \
+        -d -p 8080:8080 guacamole/guacamole
+
+Alternatively, if you want to store database credentials using Docker secrets,
+the following three variables are required and replace the previous three:
+
+1. `SQLSERVER_DATABASE_FILE` - The path of the docker secret containing the name
    of database to use for Guacamole authentication.
-5. `SQLSERVER_USER_FILE` - The path of the docker secret containing the name of
+2. `SQLSERVER_USER_FILE` - The path of the docker secret containing the name of
    the user that Guacamole will use to connect to SQLServer.
-6. `SQLSERVER_PASSWORD_FILE` - The path of the docker secret containing the
+3. `SQLSERVER_PASSWORD_FILE` - The path of the docker secret containing the
    password that Guacamole will provide when connecting to SQLServer as
    `SQLSERVER_USER.
 
+    docker run --name some-guacamole --link some-guacd:guacd \
+        --link some-sqlserver:sqlserver      \
+        -e SQLSERVER_DATABASE_FILE=/run/secrets/<secret_name> \
+        -e SQLSERVER_USER_FILE=/run/secrets/<secret_name> \
+        -e SQLSERVER_PASSWORD_FILE=/run/secrets/<secret_name> \
+        -d -p 8080:8080 guacamole/guacamole
+
 ### Initializing the SQLServer database
 
 If your database is not already initialized with the Guacamole schema, you will
diff --git a/guacamole-docker/bin/start.sh b/guacamole-docker/bin/start.sh
index 74497f37b..acd4ada99 100755
--- a/guacamole-docker/bin/start.sh
+++ b/guacamole-docker/bin/start.sh
@@ -409,9 +409,7 @@ sqlserver_missing_vars() {
 FATAL: Missing required environment variables
 -------------------------------------------------------------------------------
 If using a SQLServer database, you must provide each of the following
-environment variables or their corresponding Docker secrets by appending _FILE
-to the environment variable, and setting the value to the path of the
-corresponding secret:
+environment variables:
 
     SQLSERVER_USER     The user to authenticate as when connecting to
                        SQLServer.
@@ -421,6 +419,20 @@ corresponding secret:
 
     SQLSERVER_DATABASE The name of the SQLServer database to use for Guacamole
                        authentication.
+
+Alternatively, if you want to store database credentials using Docker secrets,
+set the path of the corresponding secrets in the following three variables:
+
+    SQLSERVER_DATABASE_FILE   The path of the docker secret containing the name
+                              of database to use for Guacamole authentication.
+
+    SQLSERVER_USER_FILE       The path of the docker secret containing the name of
+                              the user that Guacamole will use to connect to SQLServer.
+
+    SQLSERVER_PASSWORD_FILE   The path of the docker secret containing the
+                              password that Guacamole will provide when connecting to 
+                              SQLServer as SQLSERVER_USER.
+
 END
     exit 1;
 }