From e404ede4f9125e3bdabc184063ae41556015cce8 Mon Sep 17 00:00:00 2001 From: Pavol Mederly Date: Mon, 10 Sep 2018 16:15:28 +0200 Subject: [PATCH] Add Docker secrets support to the container --- midpoint/configs-and-secrets/midpoint/keystore_password.txt | 1 + midpoint/docker-compose.yml | 3 +++ midpoint/midpoint-server/Dockerfile | 5 ++++- 3 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 midpoint/configs-and-secrets/midpoint/keystore_password.txt diff --git a/midpoint/configs-and-secrets/midpoint/keystore_password.txt b/midpoint/configs-and-secrets/midpoint/keystore_password.txt new file mode 100644 index 0000000..1d40192 --- /dev/null +++ b/midpoint/configs-and-secrets/midpoint/keystore_password.txt @@ -0,0 +1 @@ +changeit diff --git a/midpoint/docker-compose.yml b/midpoint/docker-compose.yml index b6197a4..88d6af0 100644 --- a/midpoint/docker-compose.yml +++ b/midpoint/docker-compose.yml @@ -33,6 +33,7 @@ services: - back secrets: - m_database_password.txt + - m_keystore_password.txt # the following is just to demonstrate required normalization of logging parameters # environment: # - LOGFILE=midpoint.log @@ -55,6 +56,8 @@ networks: secrets: m_database_password.txt: file: ./configs-and-secrets/midpoint/database_password.txt + m_keystore_password.txt: + file: ./configs-and-secrets/midpoint/keystore_password.txt volumes: midpoint_mysql: diff --git a/midpoint/midpoint-server/Dockerfile b/midpoint/midpoint-server/Dockerfile index b17312e..4e58c39 100644 --- a/midpoint/midpoint-server/Dockerfile +++ b/midpoint/midpoint-server/Dockerfile @@ -37,6 +37,8 @@ ENV REPO_JDBC_URL default ENV REPO_PASSWORD_FILE /run/secrets/m_database_password.txt ENV REPO_DATABASE_TYPE mariadb +ENV KEYSTORE_PASSWORD_FILE /run/secrets/m_keystore_password.txt + # Logging parameters ENV COMPONENT midpoint 
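Review bot: `changeit` — the well-known default JVM keystore password — is committed in `midpoint/configs-and-secrets/midpoint/keystore_password.txt`, and that is exactly the value the container will read from `/run/secrets/m_keystore_password.txt`, so a stack brought up from this repository unchanged protects the midPoint keystore with a public, guessable password. The file format leaves no room for an in-file comment, so the warning has to live next to it: I would add a comment above the `secrets:` block in `docker-compose.yml` such as `# keystore_password.txt ships a placeholder; generate a per-deployment value and keep the real file out of git`, list the file in `.gitignore`, and keep a `keystore_password.txt.example` for the demo. If midPoint's bundled keystore is itself created with this same password, the new secret plumbing changes nothing until both are rotated together — worth stating in that note rather than leaving it to be discovered at deployment time.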
@@ -54,11 +56,12 @@ CMD java -Xmx$MEM -Xms2048M -Dfile.encoding=UTF8 \
 -Dmidpoint.home=$MP_DIR/var \
 -Dmidpoint.repository.database=$REPO_DATABASE_TYPE \
 -Dmidpoint.repository.jdbcUsername=$REPO_USER \
- -Dmidpoint.repository.jdbcPasswordFile=$REPO_PASSWORD_FILE \
+ -Dmidpoint.repository.jdbcPassword_FILE=$REPO_PASSWORD_FILE \
 -Dmidpoint.repository.jdbcUrl="`$MP_DIR/repository-url`" \
 -Dmidpoint.repository.hibernateHbm2ddl=none \
 -Dmidpoint.repository.missingSchemaAction=create \
 -Dmidpoint.repository.initializationFailTimeout=60000 \
+ -Dmidpoint.keystore.keyStorePassword_FILE=$KEYSTORE_PASSWORD_FILE \
 -Dmidpoint.logging.console.enabled=true \
 -Dmidpoint.logging.console.prefix="`$MP_DIR/log-prefix`" \
 -Dmidpoint.logging.console.timezone=UTC \
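Review bot: The rename of `jdbcPasswordFile` to `jdbcPassword_FILE` and the new `keyStorePassword_FILE` property introduce an implicit naming convention — presumably midPoint resolves a property whose name ends in `_FILE` by reading the named file instead of taking the value literally — and nothing in the Dockerfile records it, so the next person touching this CMD cannot tell `jdbcPassword_FILE` from a typo. I would add above the CMD: `# *_FILE properties name a file (a Docker secret under /run/secrets) from which midPoint reads the value; never pass the secret itself here or via ENV`. It is also worth confirming that midPoint strips a trailing newline when reading such a file, since a `keystore_password.txt` saved from an editor will end in one and the keystore would then be unlocked with the wrong password. The CMD this hunk patches begins and ends outside the hunk.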