mirror of
https://github.com/octoleo/restic.git
synced 2024-11-24 21:57:41 +00:00
Merge pull request #4480 from AgathaSorceress/add-rest-auth-env
Support reading basic auth credentials for REST server from environment variables
This commit is contained in:
commit
7f05af02b9
10
changelog/unreleased/pull-4480
Normal file
10
changelog/unreleased/pull-4480
Normal file
@ -0,0 +1,10 @@
|
||||
Enhancement: Allow setting REST password and username via environment variables
|
||||
|
||||
Previously, it was only possible to specify the REST server username and
|
||||
password in the repository URL, or using the `--repository-file` option. This
|
||||
meant it was not possible to use authentication in contexts where the repository
|
||||
URL is public and parts of it are templated by other software. Restic now
|
||||
allows setting the username and password using the `RESTIC_REST_USERNAME` and
|
||||
`RESTIC_REST_PASSWORD` variables.
|
||||
|
||||
https://github.com/restic/restic/pull/4480
|
@ -211,6 +211,14 @@ are some more examples:
|
||||
$ restic -r rest:https://user:pass@host:8000/ init
|
||||
$ restic -r rest:https://user:pass@host:8000/my_backup_repo/ init
|
||||
|
||||
The server username and password can be specified using environment
|
||||
variables as well:
|
||||
|
||||
.. code-block:: console
|
||||
|
||||
$ export RESTIC_REST_USERNAME=<MY_REST_SERVER_USERNAME>
|
||||
$ export RESTIC_REST_PASSWORD=<MY_REST_SERVER_PASSWORD>
|
||||
|
||||
If you use TLS, restic will use the system's CA certificates to verify the
|
||||
server certificate. When the verification fails, restic refuses to proceed and
|
||||
exits with an error. If you have your own self-signed certificate, or a custom
|
||||
|
@ -593,9 +593,16 @@ environment variables. The following lists these environment variables:
|
||||
AWS_PROFILE Amazon credentials profile (alternative to specifying key and region)
|
||||
AWS_SHARED_CREDENTIALS_FILE Location of the AWS CLI shared credentials file (default: ~/.aws/credentials)
|
||||
|
||||
ST_AUTH Auth URL for keystone v1 authentication
|
||||
ST_USER Username for keystone v1 authentication
|
||||
ST_KEY Password for keystone v1 authentication
|
||||
AZURE_ACCOUNT_NAME Account name for Azure
|
||||
AZURE_ACCOUNT_KEY Account key for Azure
|
||||
AZURE_ACCOUNT_SAS Shared access signatures (SAS) for Azure
|
||||
AZURE_ENDPOINT_SUFFIX Endpoint suffix for Azure Storage (default: core.windows.net)
|
||||
|
||||
B2_ACCOUNT_ID Account ID or applicationKeyId for Backblaze B2
|
||||
B2_ACCOUNT_KEY Account Key or applicationKey for Backblaze B2
|
||||
|
||||
GOOGLE_PROJECT_ID Project ID for Google Cloud Storage
|
||||
GOOGLE_APPLICATION_CREDENTIALS Application Credentials for Google Cloud Storage (e.g. $HOME/.config/gs-secret-restic-key.json)
|
||||
|
||||
OS_AUTH_URL Auth URL for keystone authentication
|
||||
OS_REGION_NAME Region name for keystone authentication
|
||||
@ -619,19 +626,15 @@ environment variables. The following lists these environment variables:
|
||||
OS_STORAGE_URL Storage URL for token authentication
|
||||
OS_AUTH_TOKEN Auth token for token authentication
|
||||
|
||||
B2_ACCOUNT_ID Account ID or applicationKeyId for Backblaze B2
|
||||
B2_ACCOUNT_KEY Account Key or applicationKey for Backblaze B2
|
||||
|
||||
AZURE_ACCOUNT_NAME Account name for Azure
|
||||
AZURE_ACCOUNT_KEY Account key for Azure
|
||||
AZURE_ACCOUNT_SAS Shared access signatures (SAS) for Azure
|
||||
AZURE_ENDPOINT_SUFFIX Endpoint suffix for Azure Storage (default: core.windows.net)
|
||||
|
||||
GOOGLE_PROJECT_ID Project ID for Google Cloud Storage
|
||||
GOOGLE_APPLICATION_CREDENTIALS Application Credentials for Google Cloud Storage (e.g. $HOME/.config/gs-secret-restic-key.json)
|
||||
|
||||
RCLONE_BWLIMIT rclone bandwidth limit
|
||||
|
||||
RESTIC_REST_USERNAME Restic REST Server username
|
||||
RESTIC_REST_PASSWORD Restic REST Server password
|
||||
|
||||
ST_AUTH Auth URL for keystone v1 authentication
|
||||
ST_USER Username for keystone v1 authentication
|
||||
ST_KEY Password for keystone v1 authentication
|
||||
|
||||
See :ref:`caching` for the rules concerning cache locations when
|
||||
``RESTIC_CACHE_DIR`` is not set.
|
||||
|
||||
|
@ -2,10 +2,12 @@ package rest
|
||||
|
||||
import (
|
||||
"net/url"
|
||||
"os"
|
||||
"strings"
|
||||
|
||||
"github.com/restic/restic/internal/errors"
|
||||
"github.com/restic/restic/internal/options"
|
||||
"github.com/restic/restic/internal/restic"
|
||||
)
|
||||
|
||||
// Config contains all configuration necessary to connect to a REST server.
|
||||
@ -70,3 +72,19 @@ func prepareURL(s string) string {
|
||||
}
|
||||
return s
|
||||
}
|
||||
|
||||
var _ restic.ApplyEnvironmenter = &Config{}
|
||||
|
||||
// ApplyEnvironment saves values from the environment to the config.
|
||||
func (cfg *Config) ApplyEnvironment(prefix string) {
|
||||
username := cfg.URL.User.Username()
|
||||
_, pwdSet := cfg.URL.User.Password()
|
||||
|
||||
// Only apply env variable values if neither username nor password are provided.
|
||||
if username == "" && !pwdSet {
|
||||
envName := os.Getenv(prefix + "RESTIC_REST_USERNAME")
|
||||
envPwd := os.Getenv(prefix + "RESTIC_REST_PASSWORD")
|
||||
|
||||
cfg.URL.User = url.UserPassword(envName, envPwd)
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user