Secret files not getting parsed

[kuya1284]

There appears to be a problem with reading the secret files when using the GEOIPUPDATE_ACCOUNT_ID_FILE and GEOIPUPDATE_LICENSE_KEY_FILE environment variables. I do see the files are being created in /run/secrets/ within the container and I confirmed that the information matches what I have on my host; however, the following error appear:

When GEOIPUPDATE_ACCOUNT_ID_FILE is defined in my docker-compose.yml, this error appears:

invalid account ID format

When GEOIPUPDATE_ACCOUNT_ID is used instead, but GEOIPUPDATE_LICENSE_KEY_FILE is defined, this error appears:

Error retrieving updates: running the job processor: running job: getting update for GeoLite2-ASN: unexpected HTTP status code: received HTTP status code: 401: Your account ID or license key could not be authenticated.

Also, it doesn't appear that the contents of GEOIPUPDATE_LICENSE_KEY_FILE gets validated before attempting to use it when making the requests, which is why the above error appears instead of seeing something like:

Invalid license key

I've also tried changing the ownership and permissions of both the files and the parent directory, but get the same result.

This is what my docker-compose.yml file looks like:

services:
  geoip:
    container_name: geoip
    image: ghcr.io/maxmind/geoipupdate:latest
    environment:
      - GEOIPUPDATE_ACCOUNT_ID_FILE=/run/secrets/maxmind_account_id
      - GEOIPUPDATE_LICENSE_KEY_FILE=/run/secrets/maxmind_license_key
      - GEOIPUPDATE_EDITION_IDS=GeoLite2-ASN GeoLite2-City GeoLite2-Country
      - GEOIPUPDATE_FREQUENCY=72
    restart: unless-stopped
    secrets:
      - maxmind_account_id
      - maxmind_license_key
    volumes:
      - /mnt/app-data/maxmind:/usr/share/GeoIP

secrets:
  maxmind_account_id:
    file: /mnt/app-data/secrets/maxmind-account-id
  maxmind_license_key:
    file: /mnt/app-data/secrets/maxmind-license-key

I've already tried wrapping the environment variables in quotes, but that didn't seem to make any difference.

[oschwald]

We believe the issue is that your secret file contains whitespace. In the next release, we will start trimming whitespace after reading in the files. As an immediate workaround, you could ensure that the file is written without any whitespace, including newlines, carriage returns, spaces, etc.

[kuya1284]

We believe the issue is that your secret file contains whitespace. In the next release, we will start trimming whitespace after reading in the files. As an immediate workaround, you could ensure that the file is written without any whitespace, including newlines, carriage returns, spaces, etc.

That was one of the first thing I checked. I even confirmed that there were no extra new lines, spaces before and after, etc. There were none. My files contained a single line with the string without any extra white-space.

[kuya1284]

Here are two screenshots showing the contents of both files, with a portion of the strings obfuscated, and with my cursor all the way at the end of the string. This shows that there are no extra white-space before and after.

[oschwald]

Vim and most other editors will insert a newline at the end of the file. I assume this is the issue. You can disable this, but if you already have the file, you could run something like truncate -s -1 <filename>.

[kuya1284]

@oschwald I've been using vi for over 20 years and never realized that a newline gets added when saving the file. Thank you for making me aware of that. I just tested your suggested as well as used echo -n to write to my files and everything works perfectly. Thank you so much for your help!

[oschwald]

Glad to hear it worked!