Add function to load secret/password from file for security (#25)

New feature: Load SMTP password from file to avoid using env variables.

.env.example

@@ -8,7 +8,7 @@
 # Mandatory: Username to authenticate with.
 #SMTP_USERNAME=
 
-# Mandatory: Password of the SMTP user.
+# Mandatory: Password of the SMTP user. (Not needed if SMTP_PASSWORD_FILE is used)
 #SMTP_PASSWORD=
 
 # Mandatory: Server hostname for the Postfix container. Emails will appear to come from the hostname's domain.
@@ -19,3 +19,6 @@
 
 # Optional: This will add a header for tracking messages upstream. Helpful for spam filters. Will appear as "RelayTag: ${SMTP_HEADER_TAG}" in the email headers.
 #SMTP_NETWORKS=
+
+# Optional: Set this to a mounted file containing the password, to avoid passwords in env variables.
+#SMTP_PASSWORD_FILE=

README.md

@@ -41,7 +41,7 @@ The following env variables need to be passed to the container:
 * `SMTP_SERVER` Server address of the SMTP server to use.
 * `SMTP_PORT` (Optional, Default value: 587) Port address of the SMTP server to use.
 * `SMTP_USERNAME` Username to authenticate with.
-* `SMTP_PASSWORD` Password of the SMTP user.
+* `SMTP_PASSWORD` Password of the SMTP user. If `SMTP_PASSWORD_FILE` is set, not needed.
 * `SERVER_HOSTNAME` Server hostname for the Postfix container. Emails will appear to come from the hostname's domain.
 
 The following env variable(s) are optional.
@@ -50,6 +50,10 @@ The following env variable(s) are optional.
 * `SMTP_NETWORKS` Setting this will allow you to add additional, comma seperated, subnets to use the relay. Used like
     -e SMTP_NETWORKS='xxx.xxx.xxx.xxx/xx,xxx.xxx.xxx.xxx/xx'
 
+* `SMTP_PASSWORD_FILE` Setting this to a mounted file containing the password, to avoid passwords in env variables. Used like
+    -e SMTP_PASSWORD_FILE=/secrets/smtp_password
+    -v $(pwd)/secrets/:/secrets/
+
 To use this container from anywhere, the 25 port or the one specified by `SMTP_PORT` needs to be exposed to the docker host server:
 
     docker run -d --name postfix -p "25:25"  \

run.sh

@@ -13,6 +13,9 @@ function add_config_value() {
  postconf -e "${key} = ${value}"
 }
 
+# Read password from file to avoid unsecure env variables
+if [ -n "${SMTP_PASSWORD_FILE}" ]; then [ -f "${SMTP_PASSWORD_FILE}" ] && read SMTP_PASSWORD < ${SMTP_PASSWORD_FILE} || echo "SMTP_PASSWORD_FILE defined, but file not existing, skipping."; fi
+
 [ -z "${SMTP_SERVER}" ] && echo "SMTP_SERVER is not set" && exit 1
 [ -z "${SMTP_USERNAME}" ] && echo "SMTP_USERNAME is not set" && exit 1
 [ -z "${SMTP_PASSWORD}" ] && echo "SMTP_PASSWORD is not set" && exit 1