Add support for loading secrets from *_FILE env vars in Docker environment.

Closes #2455.

Co-Authored-By: Michael Redig <mredig@gmail.com>

docker-compose.yml

@@ -1,3 +1,6 @@
+# All LISTMONK_* env variables also support the LISTMONK_*_FILE pattern for loading secrets from files with Docker secrets and Podman
+# eg: LISTMONK_ADMIN_USER -> LISTMONK_ADMIN_USER_FILE=/path/to/file_with_value
+
 x-db-credentials: &db-credentials                             # Use the default POSTGRES_ credentials if they're available or simply default to "listmonk"
   POSTGRES_USER: &db-user listmonk                            # for database user, password, and database name
   POSTGRES_PASSWORD: &db-password listmonk

docker-entrypoint.sh

@@ -34,6 +34,31 @@ create_user() {
 create_group
 create_user
 
+load_secret_files() {
+  # Save and restore IFS
+  old_ifs="$IFS"
+  IFS='
+'
+  # Capture all env variables starting with LISTMONK_ and ending with _FILE.
+  # It's value is assumed to be a file path with its actual value.
+  for line in $(env | grep '^LISTMONK_.*_FILE='); do
+    var="${line%%=*}"
+    fpath="${line#*=}"
+
+    # If it's a valid file, read its contents and assign it to the var
+    # without the _FILE suffix.
+    # Eg: LISTMONK_DB_USER_FILE=/run/secrets/user -> LISTMONK_DB_USER=$(contents of /run/secrets/user)
+    if [ -f "$fpath" ]; then
+      new_var="${var%_FILE}"
+      export "$new_var"="$(cat "$fpath")"
+    fi
+  done
+  IFS="$old_ifs"
+}
+
+# Load env variables from files if LISTMONK_*_FILE variables are set.
+load_secret_files
+
 # Try to set the ownership of the app directory to the app user.
 if ! chown -R ${PUID}:${PGID} /listmonk 2>/dev/null; then
   echo "Warning: Failed to change ownership of /listmonk. Readonly volume?"