Split DATABASE_URL possible?

[budimanjojo]

Hello, I have been a happy vaultwarden user since it was still bitwarden_rs.
Currently I'm running vaultwarden using kubernetes and I'm planning to manage my databases using an operator (https://github.com/zalando/postgres-operator/).
This postgres operator will create a random password for the database users and store the password in a Kubernetes Secret. Is it possible to split DATABASE_URL to multiple environment variables?
My current idea is:

# mariadb/msql
MYSQL_DATABASE
MYSQL_USERNAME
MYSQL_PASSWORD
# postgresql
POSTGRES_DATABASE
POSTGRES_USERNAME
POSTGRES_PASSWORD
# sqlite
DATABASE_URL #keep this just for sqlite?

Thank you.

[BlackDex]

You can also use that secret, if I'm correct that will be exposed to a file, which you can use directly using DATABASE_URL_FILE=/path/to/secret, if that is not an option i suggest to use a startup script to generate the correct ENV, see: https://github.com/dani-garcia/vaultwarden/wiki/Starting-a-Container#customizing-container-startup

[budimanjojo]

what kind of format does the DATABASE_URL_FILE accept? The problem the secret file in the container is only a string containing just password, while DATABASE_URL wants postgresql://username:password:port/dbname. Maybe I can look into writing an init script, but it will be nice to have a better alternative.
I just looked into vaultwarden source code and indeed adding my feature request require a lot of work. Maybe create a simple logic like this instead?

if #[cfg(postgresql)] and POSTGRES_PASSWORD is defined, then the override the DATABASE_URL third field with POSTGRES_PASSWORD value

Sorry I don't know much about rust so I that's the best I can describe it.

[BlackDex]

I think that will make stuff a bit to complex for a use case like this.
I suggest to go for the init script instead.

[budimanjojo]

Okay I managed to get it working now with init script. Should I close this?

[BlackDex]

Great, glad you got it working.

Discussions are always open, no way to close then like issues.

[tabacha]

There is also a related Q&A here: #3991

Here is my Docker Compse file:

version: "3"
volumes:
  mariadb:
    driver: local
services:
  mariadb:
    image: mariadb:11.1
    restart: unless-stopped
    volumes:
      - mariadb:/var/lib/mysql
    environment:
      MARIADB_DATABASE: tresor
      MARIADB_USER: tresor
      MARIADB_PASSWORD_FILE: /run/secrets/db_password
      MARIADB_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
      MARIADB_AUTO_UPGRADE: "1"
      MARIADB_DISABLE_UPGRADE_BACKUP: "0"
      MYSQL_RANDOM_ROOT_PASSWORD: "1"
    labels:
      - "com.centurylinklabs.watchtower.scope=tresor"
    secrets:
      - db_root_password
      - db_password
  tresor:
    restart: unless-stopped
    image: vaultwarden/server:latest
    environment:
      DATABASE_URL: "mysql://tresor:kr7SBHOhyDMw0hbT@mariadb/tresor"
      INVITATIONS_ALLOWED: true
      I_REALLY_WANT_VOLATILE_STORAGE: true
    ports:
      - "127.0.0.1:3700:80"
    labels:
      - "com.centurylinklabs.watchtower.scope=tresor"
    secrets:
      - db_password
  watchtower:
    image: containrrr/watchtower
    volumes:
      - /root/.docker/config.json:/config.json:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # pruefe alle 12h = 43200  1200 Sec auf update
    command: --interval 43200 --debug --scope=tresor
    labels:
      - "com.centurylinklabs.watchtower.scope=tresor"
secrets:
  db_password:
    file: db_password.txt
  db_root_password:
    file: db_root_password.txt

It would be good if this could look like this:

version: "3"
volumes:
  mariadb:
    driver: local
services:
  mariadb:
    image: mariadb:11.1
    restart: unless-stopped
    volumes:
      - mariadb:/var/lib/mysql
    environment:
      MARIADB_DATABASE: tresor
      MARIADB_USER: tresor
      MARIADB_PASSWORD_FILE: /run/secrets/db_password
      MARIADB_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
      MARIADB_AUTO_UPGRADE: "1"
      MARIADB_DISABLE_UPGRADE_BACKUP: "0"
      MYSQL_RANDOM_ROOT_PASSWORD: "1"
    labels:
      - "com.centurylinklabs.watchtower.scope=tresor"
    secrets:
      - db_root_password
      - db_password
  tresor:
    restart: unless-stopped
    image: vaultwarden/server:latest
    environment:
      DATABASE_TYPE: "mysql"
      DATABASE_USER: "tresor"
      DATABASE_PASSWORD_FILE: /run/secrets/db_password
      DATABASE_DB: "tresor"
      DATABASE_HOST: "mariadb"
      INVITATIONS_ALLOWED: true
      I_REALLY_WANT_VOLATILE_STORAGE: true
    ports:
      - "127.0.0.1:3700:80"
    labels:
      - "com.centurylinklabs.watchtower.scope=tresor"
    secrets:
      - db_password
  watchtower:
    image: containrrr/watchtower
    volumes:
      - /root/.docker/config.json:/config.json:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # pruefe alle 12h = 43200  1200 Sec auf update
    command: --interval 43200 --debug --scope=tresor
    labels:
      - "com.centurylinklabs.watchtower.scope=tresor"
secrets:
  db_password:
    file: db_password.txt
  db_root_password:
    file: db_root_password.txt