Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adds a new command line for tunnel run for token file #1316

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Adds a new command line for tunnel run for token file #1316

wants to merge 4 commits into from

Conversation

Cyb3r-Jak3
Copy link

Adds a new command line flag for tunnel run which allows a file to be read for the token. I've left the token command line argument with priority.

Would resolve #645

@janani-cr
Copy link

@Cyb3r-Jak3 Can you please elaborate on your need to store the tunnel token in a local file? Any details of your workflow would be helpful.

@Cyb3r-Jak3
Copy link
Author

@janani-cr The goal would be to use docker secrets to pass the token to cloudflared. Docker secrets are passed as a file to the container. Standard practice for other images to have _FILE suffix so secrets can be used.

@rakino
Copy link

rakino commented Oct 4, 2024

This feature is also desired for running cloudflared on Guix System or NixOS, since service definitions are done at build time and written to the store which is world-readable.

Only specifying path to a keyfile outside the store can avoid the token being included in it.

@masonfx
Copy link

masonfx commented Oct 30, 2024

This would be great to get merged. I've been looking for a more user-friendly (see: not a workaround) way to provide the tunnel token as a Docker secret.

@KalenWessel
Copy link

Would love to see this released soon. All of my other services are able to use the _FILE convention with docker secrets. Cloudflare tunnel is the last service holding out on me.

@david-plugge
Copy link

Yes please!

@lazysegtree
Copy link

lazysegtree commented Jan 19, 2025
edited
Loading

@Cyb3r-Jak3 I have another concern about this. os.ReadFile reads the entire file into the memory, so should there be some sort of check on file size before reading the entire file ? (Maybe user passed a very big file with size in GBs by mistake.)
We could use os.Stat to get FileInfo object, and FileInfo.Size() to get file size, and apply a size check ( maybe limit files to < 10 MB )

Not sure if this is needed or not.

@Cyb3r-Jak3
Copy link
Author

@Cyb3r-Jak3 I have another concern about this. os.ReadFile reads the entire file into the memory, so should there be some sort of check on file size before reading the entire file ?

I thought about this, but the config isn't checked for size, I didn't add it here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lazysegtree lazysegtree lazysegtree left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow passing tunnel token via the file system.
7 participants
@Cyb3r-Jak3 @janani-cr @rakino @masonfx @KalenWessel @david-plugge @lazysegtree