# Example: Docker Compose with file-based secrets (issue #63)
#
# 1. Create local secret files (never commit them; keep the secrets/
#    directory out of version control, e.g. via .gitignore):
#      mkdir -p secrets
#      echo -n 'your-nvd-key' > secrets/nvd_api_key.txt
#      echo -n 'ghp_xxx' > secrets/github_token.txt
#      chmod 600 secrets/*.txt
#
#    Notes:
#    - `echo -n` keeps a trailing newline out of the secret value.
#    - Commands typed with real values end up in shell history, and the
#      files exist with default permissions until the chmod runs. Running
#      `umask 077` first, or writing the files from an editor, avoids both.
#    - Compose bind-mounts file-based secrets with the ownership and mode
#      they have on the host. If the container process does not run as the
#      file owner, mode 600 makes the secret unreadable inside the
#      container - confirm which user the image runs as.
#    - Give the GitHub token only the scopes the app actually needs.
#
# 2. Run:
#      docker compose -f docker-compose.secrets.example.yml up -d
services:
  cve-radar:
    # `latest` is a mutable tag: each pull may fetch different content.
    # For reproducible deployments pin a release tag or a digest, e.g.
    #   raminnietzsche/cve-radar@sha256:<digest>   (placeholder)
    image: raminnietzsche/cve-radar:latest
    ports:
      # Published on all host interfaces. If the service sits behind a
      # reverse proxy on the same host, "127.0.0.1:3001:3001" keeps it
      # off the network.
      - "3001:3001"
    environment:
      NODE_ENV: production
      PORT: "3001"
      # Each *_FILE variable holds the path where Compose mounts the secret
      # of the same name (/run/secrets/<secret name>), so the secret value
      # itself never appears in the container environment.
      NVD_API_KEY_FILE: /run/secrets/nvd_api_key
      GITHUB_TOKEN_FILE: /run/secrets/github_token
      # Optional. To enable one: uncomment it here, add its name to this
      # service's `secrets:` list, and uncomment the matching top-level
      # definition at the bottom of the file.
      # DEEPL_API_KEY_FILE: /run/secrets/deepl_api_key
      # ALERT_WEBHOOK_URL_FILE: /run/secrets/alert_webhook_url
      # NOTE(review): if API_SECRET protects the HTTP API, enable it
      # whenever the port is reachable from other hosts - confirm against
      # the project docs.
      # API_SECRET_FILE: /run/secrets/api_secret
    # Only the secrets listed here are mounted into this container.
    secrets:
      - nvd_api_key
      - github_token
    healthcheck:
      # Exec form (no shell): probes the health endpoint over loopback
      # from inside the container.
      test:
        - 'CMD'
        - 'wget'
        - '-qO-'
        - 'http://127.0.0.1:3001/api/health'
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 20s
    restart: unless-stopped

# Top-level secret definitions: each name maps to a file on the host,
# resolved relative to this compose file.
secrets:
  nvd_api_key:
    file: ./secrets/nvd_api_key.txt
  github_token:
    file: ./secrets/github_token.txt
  # deepl_api_key:
  #   file: ./secrets/deepl_api_key.txt
  # alert_webhook_url:
  #   file: ./secrets/alert_webhook_url.txt
  # api_secret:
  #   file: ./secrets/api_secret.txt