From e4e5b0bc5d66a36b10497da8452ac0fc303b10b9 Mon Sep 17 00:00:00 2001
From: WeebDataHoarder <weebdatahoarder@noreply.gammaspectra.live>
Date: Sat, 28 Jun 2025 10:29:42 +0200
Subject: [PATCH] build/docker: pass JWT_PRIVATE_KEY_SEED as a secret env, add
 alternate GOAWAY_JWT_PRIVATE_KEY_SEED env

---
 Dockerfile          | 3 +--
 cmd/go-away/main.go | 4 +++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d7fd4e0..bcd48a8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -55,7 +55,6 @@ ENV GOAWAY_CHALLENGE_TEMPLATE_LOGO=""
 ENV GOAWAY_SLOG_LEVEL="WARN"
 ENV GOAWAY_CLIENT_IP_HEADER=""
 ENV GOAWAY_BACKEND_IP_HEADER=""
-ENV GOAWAY_JWT_PRIVATE_KEY_SEED=""
 ENV GOAWAY_BACKEND=""
 ENV GOAWAY_ACME_AUTOCERT=""
 ENV GOAWAY_CACHE="/cache"
@@ -66,6 +65,6 @@ EXPOSE 8080/udp
 EXPOSE 9090/tcp
 EXPOSE 6060/tcp
 
-ENV JWT_PRIVATE_KEY_SEED="${GOAWAY_JWT_PRIVATE_KEY_SEED}"
+# Use GOAWAY_JWT_PRIVATE_KEY_SEED or JWT_PRIVATE_KEY_SEED secret mount to expose this value to docker
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
diff --git a/cmd/go-away/main.go b/cmd/go-away/main.go
index 4bd0809..b462aa4 100644
--- a/cmd/go-away/main.go
+++ b/cmd/go-away/main.go
@@ -154,7 +154,9 @@ func main() {
 	var seed []byte
 
 	var kValue string
-	if kValue = os.Getenv("JWT_PRIVATE_KEY_SEED"); kValue != "" {
+	if kValue = os.Getenv("GOAWAY_JWT_PRIVATE_KEY_SEED"); kValue != "" {
+		// prefer first
+	} else if kValue = os.Getenv("JWT_PRIVATE_KEY_SEED"); kValue != "" {
 
 	} else if *jwtPrivateKeySeed != "" {
 		kValue = *jwtPrivateKeySeed