Use env vars for TLS files

2025-09-05 18:27:46 +02:00
parent 8d6cab41d0
commit 54b0512f3f
3 changed files with 8 additions and 6 deletions
--- a/configuration/local.yaml
+++ b/configuration/local.yaml
@@ -2,7 +2,6 @@ application:
  port: 8000
  host: "127.0.0.1"
  base_url: "http://127.0.0.1:8000"
  require_tls: false
 database:
  host: "127.0.0.1"
  port: 5432
@@ -13,3 +12,4 @@ database:
 email_client:
  authorization_token: "secret-token"
 redis_uri: "redis://127.0.0.1:6379"
 require_tls: false
--- a/src/configuration.rs
+++ b/src/configuration.rs
@@ -61,6 +61,7 @@ pub struct Settings {
    pub database: DatabaseSettings,
    pub email_client: EmailClientSettings,
    pub redis_uri: SecretString,
    pub require_tls: bool,
 }
 #[derive(Clone, Deserialize)]
@@ -69,7 +70,6 @@ pub struct ApplicationSettings {
    pub port: u16,
    pub host: String,
    pub base_url: String,
    pub require_tls: bool,
 }
 #[derive(Clone, Deserialize)]
--- a/src/startup.rs
+++ b/src/startup.rs
@@ -62,14 +62,16 @@ impl Application {
            configuration.application.base_url,
            redis_store,
        );
-        let tls_config = if configuration.application.require_tls {
+        let tls_config = if configuration.require_tls {
            Some(
                RustlsConfig::from_pem_file(
-                    "/home/alphonse/.certs/fullchain.pem",
+                    std::env::var("APP_TLS_CERT")
-                    "/home/alphonse/.certs/privkey.pem",
+                        .expect("Failed to read TLS certificate environment variable"),
                    std::env::var("APP_TLS_KEY")
                        .expect("Feiled to read TLS private key environment variable"),
                )
                .await
-                .unwrap(),
+                .expect("Could not create TLS configuration"),
            )
        } else {
            None