From 9e0418378ec191c47a0a80947fa12b8d5e92f7a0 Mon Sep 17 00:00:00 2001
From: Lubomir Bucek <lubomir.bucek@eox.at>
Date: Tue, 27 Oct 2020 10:32:24 +0100
Subject: [PATCH] use certs as secrets

---
 docker-compose.base.ops.yml              | 10 ++++++++++
 shibauth/shibboleth-conf/shibboleth2.xml |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/docker-compose.base.ops.yml b/docker-compose.base.ops.yml
index 56a2e14f..a307b9dd 100644
--- a/docker-compose.base.ops.yml
+++ b/docker-compose.base.ops.yml
@@ -31,6 +31,11 @@ services:
       - shib-extnet
   shibauth:
     image: testing-shibboleth
+    environment:
+      APACHE_SERVERNAME: "https://emg.pdas.prism.eox.at:443"
+    secrets:
+      - SHIB_CERT
+      - SHIB_KEY
     deploy:
       replicas: 1
       placement:
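Review bot: The short-form `secrets:` entries added to the shibauth service mount SHIB_KEY with Swarm's default secret file mode (0444, owned by root), so the SP private key ends up readable by every process in the container rather than only by the daemon that needs it; the same file is what the `CredentialResolver` in the second file's hunk now reads, so the mode chosen here is the only thing guarding it. Switch the key to the long syntax and tighten it, e.g. `- source: SHIB_KEY`, `  uid: "<shibd-uid>"`, `  mode: 0400` (the uid the image runs shibd as is not visible in this patch, so it is a placeholder to fill in). The certificate can stay on the short form since it is public. Separately, `APACHE_SERVERNAME` is a fixed, deployment-specific hostname in what is named a base file; if the file is meant to be reused across stacks, `APACHE_SERVERNAME: "${APACHE_SERVERNAME}"` keeps the value out of the committed compose file.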
@@ -67,3 +72,8 @@ networks:
     name: logging-extnet
   shib-extnet:
     name: shib-extnet
+secrets:
+  SHIB_CERT:
+    external: true
+  SHIB_KEY:
+    external: true
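Review bot: The new top-level `secrets:` block declares SHIB_CERT and SHIB_KEY as `external: true` without saying what they must contain or that a deploy fails when they do not already exist in the swarm. A comment above the block would save the next operator a round trip, e.g. `# SP key/certificate provisioned out-of-band (docker secret create); presumably PEM, like the sp-key.pem/sp-cert.pem they replace. Read by shibauth/shibboleth-conf/shibboleth2.xml via /run/secrets/<name>.`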
diff --git a/shibauth/shibboleth-conf/shibboleth2.xml b/shibauth/shibboleth-conf/shibboleth2.xml
index e3a18eaf..15399b0d 100755
--- a/shibauth/shibboleth-conf/shibboleth2.xml
+++ b/shibauth/shibboleth-conf/shibboleth2.xml
@@ -23,7 +23,7 @@
         <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
         <AttributeResolver type="Query" subjectMatch="true"/>
         <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
-        <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
+        <CredentialResolver type="File" key="/run/secrets/SHIB_KEY" certificate="/run/secrets/SHIB_CERT"/>
     </ApplicationDefaults>
     <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
     <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
-- 
GitLab