From 54b0512f3f7edf4068bd11b3a9179f6bcb05351f Mon Sep 17 00:00:00 2001
From: Alphonse Paix
Date: Fri, 5 Sep 2025 18:27:46 +0200
Subject: [PATCH] Use env vars for TLS files
---
 configuration/local.yaml | 2 +-
 src/configuration.rs | 2 +-
 src/startup.rs | 10 ++++++----
 3 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/configuration/local.yaml b/configuration/local.yaml
index b0211e9..ebaacc7 100644
--- a/configuration/local.yaml
+++ b/configuration/local.yaml
@@ -2,7 +2,6 @@ application:
 port: 8000
 host: "127.0.0.1"
 base_url: "http://127.0.0.1:8000"
- require_tls: false
 database:
 host: "127.0.0.1"
 port: 5432
@@ -13,3 +12,4 @@ database:
 email_client:
 authorization_token: "secret-token"
 redis_uri: "redis://127.0.0.1:6379"
+require_tls: false
diff --git a/src/configuration.rs b/src/configuration.rs
index 683bd1b..2a87410 100644
--- a/src/configuration.rs
+++ b/src/configuration.rs
@@ -61,6 +61,7 @@ pub struct Settings {
 pub database: DatabaseSettings,
 pub email_client: EmailClientSettings,
 pub redis_uri: SecretString,
+ pub require_tls: bool,
 }
 #[derive(Clone, Deserialize)]
@@ -69,7 +70,6 @@ pub struct ApplicationSettings {
 pub port: u16,
 pub host: String,
 pub base_url: String,
- pub require_tls: bool,
 }
 #[derive(Clone, Deserialize)]
diff --git a/src/startup.rs b/src/startup.rs
index 5235723..d8d99b2 100644
--- a/src/startup.rs
+++ b/src/startup.rs
@@ -62,14 +62,16 @@ impl Application {
 configuration.application.base_url,
 redis_store,
 );
- let tls_config = if configuration.application.require_tls {
+ let tls_config = if configuration.require_tls {
 Some(
 RustlsConfig::from_pem_file(
- "/home/alphonse/.certs/fullchain.pem",
- "/home/alphonse/.certs/privkey.pem",
+ std::env::var("APP_TLS_CERT")
+ .expect("Failed to read TLS certificate environment variable"),
+ std::env::var("APP_TLS_KEY")
+ .expect("Feiled to read TLS private key environment variable"),
 )
 .await
- .expect("Could not create TLS configuration"),
+ .unwrap(),
 )
 } else {
 None
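Review bot: In `src/configuration.rs`, the new `Settings::require_tls` field has no doc comment, and nothing visible in the hunk gives it a default. Only `configuration/local.yaml` is migrated in this commit, so any other configuration source that still nests the key under `application:` would presumably leave the top-level field unset and fail to load. I would document what the flag controls, e.g. `/// Serve over TLS; when false the server is built without a TLS configuration.`, and confirm that the remaining environment files or overrides set the top-level key. The struct header and its derives sit outside the hunk, so whether a default is supplied elsewhere cannot be seen from here.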
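Review bot: In `src/startup.rs`, the two `std::env::var(...).expect(...)` calls and the final `.expect("Could not create TLS configuration")` turn a missing variable or an unreadable PEM file into a panic. The enclosing function starts and ends outside the hunk, so if it returns a `Result`, propagating the error with context would match the rest of the builder better. The panic messages do not name the variable an operator has to set, and the second one is misspelled (`Feiled`); something like `.expect("APP_TLS_KEY must hold the path to the TLS private key when require_tls is true")` is more actionable. Because `APP_TLS_KEY` points at private key material, a short comment that the file should be readable only by the service account would be worth adding next to it. The `else { None }` branch starts the server without TLS and nothing in the hunk logs that, so a warning there would make an accidental plaintext deployment visible.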