I’m setting up an OpenSearch container (hopefully a cluster, if I can get it working). The OpenSearch docs say that configuration variables can be set via the environment, and I’m able to do that in the toml file easy enough:
[env]
"discovery.type"="single-node"
"bootstrap.memory_lock"="true"
"OPENSEARCH_JAVA_OPTS"="-Xms1024m -Xmx1024m"
This is really nice because it means I don’t have to muddle with the docker container or docker file at all! I can override the configuration settings I need easily and fly pulls and runs the container directly.
However, one of the configuration options I need to set is called plugins.query.datasources.encryption.masterkey – it’s the master encryption key for the cluster, and it seems like a great use of the fly secrets system.
On the console, I tried this:
$ fly secrets set 'plugins.query.datasources.encryption.masterkey'=(openssl rand -hex 24)
Error: Validation failed: Name only allows letters, numbers, and underscores
And I got a similar error with the web management portal:
I came across a topic where someone else had a similar question and the only suggestion was to provide a custom entrypoint file which handles some bespoke mapping between fly-allowed secrets/environment variables and re-exports them into the container. This is not ideal – I’m using an off-the-shelf container, and I do not want to muck with the entrypoint script in order to set config vars. However, the post is over a year old, and fly.io moves quickly…is there any hope?