From 0165b5d5daaf9f617a4118a83804024f924b5d93 Mon Sep 17 00:00:00 2001
From: To-om
Date: Thu, 16 Jan 2020 15:35:37 +0100
Subject: [PATCH] #244 Hide secret in Docker entrypoint
---
 package/docker/entrypoint | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/package/docker/entrypoint b/package/docker/entrypoint
index 0737fed1c..38e9d836f 100755
--- a/package/docker/entrypoint
+++ b/package/docker/entrypoint
@@ -10,6 +10,7 @@ ANALYZER_URLS=()
 RESPONDER_PATH=/opt/Cortex-Analyzers/responders
 RESPONDER_URLS=()
 START_DOCKER=0
+SHOW_SECRET=0
 function usage {
 cat <<- _EOF_
@@ -20,6 +21,7 @@ function usage {
 --es-uri | use this string to configure elasticsearch hosts (format: http(s)://host:port,host:port(/prefix)?querystring)
 --es-hostname | resolve this hostname to find elasticseach instances
 --secret | secret to secure sessions
+ --show-secret | show the generated secret
 --analyzer-url | where analyzers are located (url or path)
 --responder-url | where responders are located (url or path)
 --start-docker | start a internal docker (inside container) to run analyzers/responders
@@ -39,6 +41,7 @@ do
 "--es-uri") shift; ES_URI=$1;;
 "--es-hostname") shift; ES_HOSTNAME=$1;;
 "--secret") shift; SECRET=$1;;
+ "--show-secret") SHOW_SECRET=1;;
 "--analyzer-path") shift; ANALYZER_PATH=$1;;
 "--responder-path") shift; RESPONDER_PATH=$1;;
 "--analyzer-url") shift; ANALYZER_URLS+=$1;;
@@ -58,8 +61,8 @@ then
 if test -z "$SECRET"
 then
 SECRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1)
+ test $SHOW_SECRET = 1 && echo Using secret: $SECRET
 fi
- echo Using secret: $SECRET
 echo play.http.secret.key=\"$SECRET\" >> $CONFIG_FILE
 fi
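Review bot: The new `--show-secret` help line in the usage text does not say where the secret is shown or when the flag has any effect. The echo added in the last hunk writes to the container's stdout, so the value ends up in `docker logs` and whatever collects them, and it sits inside the `test -z "$SECRET"` branch, so the flag does nothing when `--secret` is supplied. I would word the entry as `--show-secret | print the auto-generated secret to stdout (it will appear in container logs); ignored when --secret is given`.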
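Review bot: The added `test $SHOW_SECRET = 1 && echo Using secret: $SECRET` in the last hunk leaves both expansions unquoted. It works today because `SHOW_SECRET` is always initialised to 0 and the generated secret is alphanumeric, but `test "$SHOW_SECRET" = 1 && echo "Using secret: $SECRET"` does not depend on either. The unchanged `echo play.http.secret.key=\"$SECRET\" >> $CONFIG_FILE` just below has the same weakness for a caller-supplied `--secret`: a value containing a double quote, whitespace or a glob character is not written to the config as given. Checking a supplied secret against the `a-zA-Z0-9` alphabet the generator uses, or rejecting anything else, would make that line safe. The enclosing `if` starts outside the hunk, so the condition under which this runs is not visible here.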