Micha/homelab-infra
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

docs/SECRETS_MAP.md aktualisiert

Browse Source
This commit is contained in:
Micha
2026-03-28 19:46:15 +00:00
parent 40b0734d0d
commit aa308bdf73
1 changed files with 25 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/SECRETS_MAP.md
+25 -20
View File
@@ -3,28 +3,28 @@
Dieses Dokument listet alle sensiblen Daten (Passwörter, Tokens, Keys) und deren Speicherorte. Dieses Dokument listet alle sensiblen Daten (Passwörter, Tokens, Keys) und deren Speicherorte.
## Grundregeln ## Grundregeln
- Secrets liegen **niemals im Git-Repository** - Secrets liegen **niemals im Git-Repository**
- Speicherort: `/mnt/user/appdata/secrets/` - Speicherort: `/mnt/user/appdata/secrets/`
- Berechtigungen: `chmod 600` - Berechtigungen: `chmod 600`
- Nutzung in Docker über `_FILE` Variablen - Nutzung in Docker über `_FILE` Variablen oder Komodo/Portainer Stack Environment Variables
--- ---
## Übersicht ## Übersicht
| Service | Secret | Datei | Status | | Service | Secret | Datei / Methode | Status |
|---------------|--------|------|--------| |---|---|---|---|
| Vaultwarden | ADMIN_TOKEN | vaultwarden_admin_token.txt | | | Vaultwarden | ADMIN_TOKEN | `vaultwarden_admin_token.txt``ADMIN_TOKEN_FILE` | |
| PostgreSQL | DB Password | postgres_password.txt | | | PostgreSQL 17 | DB Password | `postgres_password.txt``POSTGRES_PASSWORD_FILE` | |
| Mealie | DB Password | mealie_db.txt | | | Mealie | DB Password | Stack ENV `${MEALIE_DB_PASSWORD}` (kein `_FILE`-Support) | |
| Gotify | User Passwort | gotify_password.txt | | | mealie-postgres | DB Password | Stack ENV `${POSTGRES_PASSWORD}` | |
| DIUN | Gotify Token | diun_gotify_token.txt | | | Gotify | User Passwort | `gotify_password.txt``GOTIFY_DEFAULTUSER_PASS_FILE` | |
| Paperless | DB Password | paperless_db.txt | | | Paperless-ngx | DB Password | Stack ENV `${PAPERLESS_DBPASS}` (kein `_FILE`-Support) | |
| Code-Server | Passwort | code_server_password.txt | | | code-server | Passwort | `code_server_password.txt``PASSWORD_FILE` | |
| Immich | DB Password | immich_db.txt | | | Immich (server) | DB Password | Stack ENV `${IMMICH_DB_PASSWORD}` | |
| Mail-Archiver | DB Passwort | mailarchiver_db.txt | | | immich-postgres | DB Password | `immich_db.txt``POSTGRES_PASSWORD_FILE` | |
| Scanopy | DB Passwort | scanopy_db.txt | | | mail-archiver | Auth Password | Stack ENV `${MAILARCHIVER_AUTH_PASSWORD}` | |
| ~~diun~~ | ~~Gotify Token~~ | ~~Stack ENV~~ | ❌ Container entfernt (2026-03-28) |
--- ---
@@ -34,11 +34,16 @@ Dieses Dokument listet alle sensiblen Daten (Passwörter, Tokens, Keys) und dere
/mnt/user/appdata/secrets/ /mnt/user/appdata/secrets/
├── vaultwarden_admin_token.txt ├── vaultwarden_admin_token.txt
├── postgres_password.txt ├── postgres_password.txt
├── mealie_db.txt
├── gotify_password.txt ├── gotify_password.txt
├── diun_gotify_token.txt
├── paperless_db.txt
├── code_server_password.txt ├── code_server_password.txt
── immich_db.txt ── immich_db.txt
├── mailarchiver_db.txt ```
└── scanopy_db.txt
> **Hinweis:** Mealie, Paperless, mail-archiver und Immich-Server nutzen Stack Environment Variables statt Datei-Mounts, da `_FILE`-Support nicht vorhanden oder unzuverlässig ist.
---
## Regel
Wenn `_FILE` nicht unterstützt wird → Stack Environment Variable in Komodo/Portainer verwenden.
Secrets niemals direkt in die Compose-Datei schreiben.