diff options
| author | Chris Lu <chrislusf@users.noreply.github.com> | 2025-07-02 18:03:17 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-07-02 18:03:17 -0700 |
| commit | 1db7c2b8aad59177f9ccb32f156908faf0c13eca (patch) | |
| tree | b1ea2df918591ab01822e3bd3ce08277825c47fb /weed/command/scaffold | |
| parent | 6b706f9ccdf46046133c867c4240c4e8594da5b3 (diff) | |
| download | seaweedfs-1db7c2b8aad59177f9ccb32f156908faf0c13eca.tar.xz seaweedfs-1db7c2b8aad59177f9ccb32f156908faf0c13eca.zip | |
Add credential storage (#6938)
* add credential store interface
* load credential.toml
* lint
* create credentialManager with explicit store type
* add type name
* InitializeCredentialManager
* remove unused functions
* fix missing import
* fix import
* fix nil configuration
Diffstat (limited to 'weed/command/scaffold')
| -rw-r--r-- | weed/command/scaffold/credential.toml | 55 | ||||
| -rw-r--r-- | weed/command/scaffold/example.go | 3 |
2 files changed, 58 insertions, 0 deletions
diff --git a/weed/command/scaffold/credential.toml b/weed/command/scaffold/credential.toml new file mode 100644 index 000000000..380867800 --- /dev/null +++ b/weed/command/scaffold/credential.toml @@ -0,0 +1,55 @@ +# Put this file to one of the location, with descending priority +# ./credential.toml +# $HOME/.seaweedfs/credential.toml +# /etc/seaweedfs/credential.toml +# this file is read by S3 API and IAM API servers + +# Choose one of the credential stores below +# Only one store can be enabled at a time + +# Filer-based credential store (default, uses existing filer storage) +[credential.filer_etc] +enabled = true +# filer address and grpc_dial_option will be automatically configured by the server + +# SQLite credential store (recommended for single-node deployments) +[credential.sqlite] +enabled = false +file = "/var/lib/seaweedfs/credentials.db" +# Optional: table name prefix (default: "sw_") +table_prefix = "sw_" + +# PostgreSQL credential store (recommended for multi-node deployments) +[credential.postgres] +enabled = false +hostname = "localhost" +port = 5432 +username = "seaweedfs" +password = "your_password" +database = "seaweedfs" +schema = "public" +sslmode = "disable" +# Optional: table name prefix (default: "sw_") +table_prefix = "sw_" +# Connection pool settings +connection_max_idle = 10 +connection_max_open = 100 +connection_max_lifetime_seconds = 3600 + +# Memory credential store (for testing only, data is lost on restart) +[credential.memory] +enabled = false + +# Environment variable overrides: +# Any configuration value can be overridden by environment variables +# Rules: +# * Prefix with "WEED_CREDENTIAL_" +# * Convert to uppercase +# * Replace '.' with '_' +# +# Examples: +# export WEED_CREDENTIAL_POSTGRES_PASSWORD=secret +# export WEED_CREDENTIAL_SQLITE_FILE=/custom/path/credentials.db +# export WEED_CREDENTIAL_POSTGRES_HOSTNAME=db.example.com +# export WEED_CREDENTIAL_FILER_ETC_ENABLED=true +# export WEED_CREDENTIAL_SQLITE_ENABLED=false
\ No newline at end of file diff --git a/weed/command/scaffold/example.go b/weed/command/scaffold/example.go index 6be6804e5..26d0a306c 100644 --- a/weed/command/scaffold/example.go +++ b/weed/command/scaffold/example.go @@ -19,3 +19,6 @@ var Master string //go:embed shell.toml var Shell string + +//go:embed credential.toml +var Credential string |