fix: persist softhsm configuration

This commit is contained in:
Daniel Hougaard
2025-10-21 22:01:43 +04:00
parent 0f925cfaad
commit aa8aff9d8b
4 changed files with 27 additions and 6 deletions


@@ -49,9 +49,6 @@ RUN rm -fr ${SOFTHSM2_SOURCES}
# Install pkcs11-tool
RUN apt-get install -y opensc
RUN mkdir -p /etc/softhsm2/tokens && \
softhsm2-util --init-token --slot 0 --label "auth-app" --pin 1234 --so-pin 0000
# ? App setup
# Install Infisical CLI
@@ -64,10 +61,14 @@ WORKDIR /app
COPY package.json package.json
COPY package-lock.json package-lock.json
COPY dev-entrypoint.sh dev-entrypoint.sh
RUN chmod +x dev-entrypoint.sh
RUN npm install
COPY . .
ENV HOST=0.0.0.0
ENTRYPOINT ["/app/dev-entrypoint.sh"]
CMD ["npm", "run", "dev:docker"]
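Review bot: `RUN chmod +x dev-entrypoint.sh` is immediately followed by `COPY . .`, and COPY carries over the mode bits of the file in the build context, so the second copy replaces the file and the chmod only survives when the checkout already has the executable bit (true for this commit on a Unix checkout, since git records the file as executable, but not on a Windows checkout or any context that flattens modes). Replace the two lines with `COPY --chmod=755 dev-entrypoint.sh dev-entrypoint.sh` placed after `COPY . .`, or at least move the chmod below it; the same COPY/chmod pair appears in the FIPS Dockerfile section below and needs the same treatment. The `USER` for this stage is outside the hunk; the entrypoint runs `update-ca-certificates` and writes under `/etc/softhsm2`, so it presumably still starts as root — worth confirming that is intended for the dev image.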


@@ -50,9 +50,6 @@ RUN rm -fr ${SOFTHSM2_SOURCES}
# Install pkcs11-tool
RUN apt-get install -y opensc
RUN mkdir -p /etc/softhsm2/tokens && \
softhsm2-util --init-token --slot 0 --label "auth-app" --pin 1234 --so-pin 0000
WORKDIR /openssl-build
RUN wget https://www.openssl.org/source/openssl-3.1.2.tar.gz \
&& tar -xf openssl-3.1.2.tar.gz \
@@ -77,6 +74,9 @@ WORKDIR /app
COPY package.json package.json
COPY package-lock.json package-lock.json
COPY dev-entrypoint.sh dev-entrypoint.sh
RUN chmod +x dev-entrypoint.sh
RUN npm install
COPY . .
@@ -87,4 +87,5 @@ ENV OPENSSL_MODULES=/usr/local/lib/ossl-modules
# ENV NODE_OPTIONS=--force-fips # Note(Daniel): We can't set this on the node options because it may break for existing folks using the infisical/infisical-fips image. Instead we call crypto.setFips(true) at runtime.
ENV FIPS_ENABLED=true
ENTRYPOINT ["/app/dev-entrypoint.sh"]
CMD ["npm", "run", "dev:docker"]

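--- /dev/null
+++ b/backend/dev-entrypoint.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+update-ca-certificates
+# Initialize SoftHSM token if it doesn't exist
+if [ ! -f /etc/softhsm2/tokens/auth-app.db ]; then
+echo "Initializing SoftHSM token..."
+mkdir -p /etc/softhsm2/tokens
+softhsm2-util --init-token --slot 0 --label "auth-app" --pin 1234 --so-pin 0000
+echo "SoftHSM token initialized"
+else
+echo "SoftHSM token already exists, skipping initialization"
+fi
+exec "$@"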
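Review bot: The guard on the `if` line tests for `/etc/softhsm2/tokens/auth-app.db`, but as far as I know softhsm2-util does not create anything named after the token label — SoftHSM2's object store keeps each token in its own subdirectory under the token directory — so the condition would be true on every start and `--init-token --slot 0` would run again against the now-persistent volume, which is the opposite of what the commit intends. Ask the tool itself instead: `if ! softhsm2-util --show-slots 2>/dev/null | grep -q 'Label:[[:space:]]*auth-app'; then`, and use `--free` in place of `--slot 0` so the init always targets an uninitialized slot rather than one that may already hold the token. The script also has no `set -e`, so a failed `update-ca-certificates` or a failed init is silently ignored and the app still starts; add `set -e` under the shebang unless that best-effort behaviour is deliberate.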


@@ -77,6 +77,7 @@ services:
- TELEMETRY_ENABLED=false
volumes:
- ./backend/src:/app/src
- softhsm_tokens:/etc/softhsm2/tokens # SoftHSM tokens are stored in a volume to persist across container restarts
extra_hosts:
- "host.docker.internal:host-gateway"
@@ -198,3 +199,5 @@ volumes:
ldap_data:
ldap_config:
grafana_storage:
softhsm_tokens:
driver: local
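Review bot: The new `softhsm_tokens:` entry is the only volume in the `volumes:` block that spells out `driver: local`; the neighbouring `ldap_data:`, `ldap_config:` and `grafana_storage:` entries rely on the default, which is the same driver. Either drop the `driver: local` line so the block stays uniform, or add it to the siblings if the explicitness is wanted. Note that because this volume now outlives the container, the entrypoint's "token already exists" check is what prevents a fresh token from being appended to it on each restart, so that check should be reliable before this lands.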