Accessing environment secrets from cron-initiated shell script

I have an app that uses cron to kick off shell scripts that initiate a python script. I also use’s secrets manager. The python script access the secrets in the environment. This all works fine if I call the python script directly, or kick off the shell script directly, but when cron kicks off the shell scripts, the environment variables are not available.

Any ideas how to get this to work? Here are the relevant code snippets:


FROM python:3.10
COPY . /app
ADD requirements.txt /app/requirements.txt
RUN pip install --upgrade pip
RUN pip install -r requirements.txt

RUN apt-get update && apt-get -y install cron
RUN apt-get -y install vim

# set up log files
RUN mkdir /app/log
RUN touch /app/log/log.log
RUN chmod -R +rw /app/log

# make scripts executable
RUN chmod +x /app/
RUN chmod -R +x /app/bin

# set up cron
RUN echo "* * * * * root /app/bin/" >> /etc/cron.d/crontab

# must end with new line
RUN echo "" >> /etc/cron.d/crontab
RUN chmod 0644 /etc/cron.d/crontab

CMD /app/bin/

# start cron - -f to run in foreground
/usr/sbin/cron -f

/usr/local/bin/python /app/ close >> /app/log/log.log 2>&1

if __name__ == '__main__':
    # example, the script is big
    if not os.getenv("SOME_SECRET"):
        raise Exception

The python script is just an example, but if I run the script myself with python, it does not raise. If I run the shell script with bin/, it does not raise. However, the logs show that it raises every minute with cron kicking it off.

Any ideas how to make the environment secrets available in this scenario?

My solution for now, in

# copy secrets to .env
  echo "SECRET1=${SECRET1}"
  echo "SECRET2=${SECRET2}"
} >> /.env

# start cron - -f to run in foreground
/usr/sbin/cron -f

Can you share fly.toml file?

app = "my-app"
primary_region = "den"
kill_signal = "SIGINT"
kill_timeout = "5s"

  auto_rollback = true

  dockerfile = "Dockerfile"
  ignorefile = ".dockerignore"

  BASE_URL = ""
  PORT = "8080"

  protocol = "tcp"
  internal_port = 8080
  processes = ["app"]

    port = 80
    handlers = ["http"]
    force_https = true

    port = 443
    handlers = ["tls", "http"]
    type = "connections"
    hard_limit = 25
    soft_limit = 20

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.