OpenSearch prototype: Secrets with "." in the name

I’m setting up an OpenSearch container (hopefully a cluster, if I can get it working). The OpenSearch docs say that configuration variables can be set via the environment, and I’m able to do that in the toml file easy enough:

  "OPENSEARCH_JAVA_OPTS"="-Xms1024m -Xmx1024m"

This is really nice because it means I don’t have to muddle with the docker container or docker file at all! I can override the configuration settings I need easily and fly pulls and runs the container directly.

However, one of the configuration options I need to set is called plugins.query.datasources.encryption.masterkey – it’s the master encryption key for the cluster, and it seems like a great use of the fly secrets system.

On the console, I tried this:

$ fly secrets set 'plugins.query.datasources.encryption.masterkey'=(openssl rand -hex 24)
Error: Validation failed: Name only allows letters, numbers, and underscores

And I got a similar error with the web management portal:

I came across a topic where someone else had a similar question and the only suggestion was to provide a custom entrypoint file which handles some bespoke mapping between fly-allowed secrets/environment variables and re-exports them into the container. This is not ideal – I’m using an off-the-shelf container, and I do not want to muck with the entrypoint script in order to set config vars. However, the post is over a year old, and moves quickly…is there any hope?

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.