Merge pull request #19 from theohbrothers/docs/readme-add-secrets-sec…

…tion-about-how-to-separate-configuration-from-secrets Docs (readme): Add Secrets section about how to separate configuration from secrets
theohbrothers · Apr 15, 2023 · 4beffe0 · 4beffe0
2 parents 58f87dd + de98fbf
commit 4beffe0
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -170,6 +170,24 @@ For cron-based sync and backup with notifications, see `docker-compose` example(
 - [Cron-based sync and backup (same container) with curl notifications](docs/examples/cron-sync-backup)
 - [Cron-based sync and backup (separate containers) with curl notifications](docs/examples/cron-sync-backup-separate)
 
+### Secrets
+
+Instead of typing secrets as plain text in `/mbsyncrc` config file for the `User` and `Pass` options of `IMAPStore` (or `IMAPAccount`), use `UserCmd` or `PassCmd` which accepts a [shell command](https://isync.sourceforge.io/mbsync.html). This helps to separate configuration from secrets.
+
+For example, if secrets are bind mounted as files in `/run/secrets/user` and `/run/secrets/pass`, use the following:
+
+```sh
+UserCmd "cat /run/secrets/user"
+PassCmd "cat /run/secrets/pass"
+```
+
+If secrets are in environment variables `IMAP_USER` and `IMAP_PASS`, use the following:
+
+```sh
+UserCmd "echo $IMAP_USER"
+PassCmd "echo $IMAP_PASS"
+```
+
 ### Command line usage
 
 To view command line usage:

diff --git a/generate/templates/README.md.ps1 b/generate/templates/README.md.ps1
@@ -185,6 +185,24 @@ For cron-based sync and backup with notifications, see `docker-compose` example(
 - [Cron-based sync and backup (same container) with curl notifications](docs/examples/cron-sync-backup)
 - [Cron-based sync and backup (separate containers) with curl notifications](docs/examples/cron-sync-backup-separate)
 
+### Secrets
+
+Instead of typing secrets as plain text in `/mbsyncrc` config file for the `User` and `Pass` options of `IMAPStore` (or `IMAPAccount`), use `UserCmd` or `PassCmd` which accepts a [shell command](https://isync.sourceforge.io/mbsync.html). This helps to separate configuration from secrets.
+
+For example, if secrets are bind mounted as files in `/run/secrets/user` and `/run/secrets/pass`, use the following:
+
+```sh
+UserCmd "cat /run/secrets/user"
+PassCmd "cat /run/secrets/pass"
+```
+
+If secrets are in environment variables `IMAP_USER` and `IMAP_PASS`, use the following:
+
+```sh
+UserCmd "echo $IMAP_USER"
+PassCmd "echo $IMAP_PASS"
+```
+
 ### Command line usage
 
 To view command line usage: