File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -34,7 +34,10 @@ prepare_runtime_secrets() {
3434 printf ' %s' " $( read_env_var MONGO_ROOT_PASSWORD) " > " ${secrets_dir} /runtime-mongo-root-password.txt"
3535 printf ' %s' " $( read_env_var MONGO_APP_USER) " > " ${secrets_dir} /runtime-mongo-app-user.txt"
3636 printf ' %s' " $( read_env_var MONGO_APP_PASSWORD) " > " ${secrets_dir} /runtime-mongo-app-password.txt"
37- chmod 600 " ${secrets_dir} /runtime-mongo-root-user.txt"
37+ # CI portability: mongo entrypoint re-execs as the "mongodb" user before reading
38+ # *_FILE secrets. Keep runtime secret files read-only but world-readable so the
39+ # in-container user can reliably read them across Docker/Compose variants.
40+ chmod 444 " ${secrets_dir} /runtime-mongo-root-user.txt"
3841 " ${secrets_dir} /runtime-mongo-root-password.txt"
3942 " ${secrets_dir} /runtime-mongo-app-user.txt"
4043 " ${secrets_dir} /runtime-mongo-app-password.txt" || true
You can’t perform that action at this time.
0 commit comments