GUACAMOLE-1418: Make use of secrets files clearer

2025-09-06 05:07:41 +00:00 · 2021-12-24 17:13:23 +01:00
parent f66c81f351
commit c04af737b4
2 changed files with 36 additions and 16 deletions
--- a/guacamole-docker/README.md
+++ b/guacamole-docker/README.md
@@ -166,16 +166,6 @@ documented in
 Deploying Guacamole with SQLServer authentication
 --------------------------------------------------

-    docker run --name some-guacamole --link some-guacd:guacd \
-        --link some-sqlserver:sqlserver      \
-        -e SQLSERVER_DATABASE=guacamole_db  \
-        -e SQLSERVER_USER=guacamole_user    \
-        -e SQLSERVER_PASSWORD=some_password \
-        -e SQLSERVER_DATABASE_FILE=/run/secrets/<secret_name> \
-        -e SQLSERVER_USER_FILE=/run/secrets/<secret_name> \
-        -e SQLSERVER_PASSWORD_FILE=/run/secrets/<secret_name> \
-        -d -p 8080:8080 guacamole/guacamole
-
 Linking Guacamole to SQLServer requires three environment variables. If any of
 these environment variables are omitted, you will receive an error message, and
 the image will stop:
@@ -185,14 +175,32 @@ the image will stop:
 2. `SQLSERVER_USER` - The user that Guacamole will use to connect to SQLServer.
 3. `SQLSERVER_PASSWORD` - The password that Guacamole will provide when
   connecting to SQLServer as `SQLSERVER_USER`.
-4. `SQLSERVER_DATABASE_FILE` - The path of the docker secret containing the name
+
+    docker run --name some-guacamole --link some-guacd:guacd \
+        --link some-sqlserver:sqlserver      \
+        -e SQLSERVER_DATABASE=guacamole_db  \
+        -e SQLSERVER_USER=guacamole_user    \
+        -e SQLSERVER_PASSWORD=some_password \
+        -d -p 8080:8080 guacamole/guacamole
+
+Alternatively, if you want to store database credentials using Docker secrets,
+the following three variables are required and replace the previous three:
+
+1. `SQLSERVER_DATABASE_FILE` - The path of the docker secret containing the name
   of database to use for Guacamole authentication.
-5. `SQLSERVER_USER_FILE` - The path of the docker secret containing the name of
+2. `SQLSERVER_USER_FILE` - The path of the docker secret containing the name of
   the user that Guacamole will use to connect to SQLServer.
-6. `SQLSERVER_PASSWORD_FILE` - The path of the docker secret containing the
+3. `SQLSERVER_PASSWORD_FILE` - The path of the docker secret containing the
   password that Guacamole will provide when connecting to SQLServer as
   `SQLSERVER_USER.

+    docker run --name some-guacamole --link some-guacd:guacd \
+        --link some-sqlserver:sqlserver      \
+        -e SQLSERVER_DATABASE_FILE=/run/secrets/<secret_name> \
+        -e SQLSERVER_USER_FILE=/run/secrets/<secret_name> \
+        -e SQLSERVER_PASSWORD_FILE=/run/secrets/<secret_name> \
+        -d -p 8080:8080 guacamole/guacamole
+
 ### Initializing the SQLServer database

 If your database is not already initialized with the Guacamole schema, you will
--- a/guacamole-docker/bin/start.sh
+++ b/guacamole-docker/bin/start.sh
@@ -409,9 +409,7 @@ sqlserver_missing_vars() {
 FATAL: Missing required environment variables
 -------------------------------------------------------------------------------
 If using a SQLServer database, you must provide each of the following
-environment variables or their corresponding Docker secrets by appending _FILE
-to the environment variable, and setting the value to the path of the
-corresponding secret:
+environment variables:

    SQLSERVER_USER     The user to authenticate as when connecting to
                       SQLServer.
@@ -421,6 +419,20 @@ corresponding secret:

    SQLSERVER_DATABASE The name of the SQLServer database to use for Guacamole
                       authentication.
+
+Alternatively, if you want to store database credentials using Docker secrets,
+set the path of the corresponding secrets in the following three variables:
+
+    SQLSERVER_DATABASE_FILE   The path of the docker secret containing the name
+                              of database to use for Guacamole authentication.
+
+    SQLSERVER_USER_FILE       The path of the docker secret containing the name of
+                              the user that Guacamole will use to connect to SQLServer.
+
+    SQLSERVER_PASSWORD_FILE   The path of the docker secret containing the
+                              password that Guacamole will provide when connecting to 
+                              SQLServer as SQLSERVER_USER.
+
 END
    exit 1;
 }