Adds a new command line for tunnel run for token file
Adds a new command line flag for tunnel run which allows a file to be read for the token. I've left the token command line argument with priority.
Would resolve #645
@Cyb3r-Jak3 Can you please elaborate on your need to store the tunnel token in a local file? Any details of your workflow would be helpful.
@janani-cr The goal would be to use docker secrets to pass the token to cloudflared. Docker secrets are passed as a file to the container. It is standard practice for other images to have a _FILE suffix so secrets can be used.
This feature is also desired for running cloudflared on Guix System or NixOS, since service definitions are done at build time and written to the store which is world-readable.
Only specifying a path to a keyfile outside the store can avoid the token being included in it.
This would be great to get merged. I've been looking for a more user-friendly (see: not a workaround) way to provide the tunnel token as a Docker secret.
Would love to see this released soon. All of my other services are able to use the _FILE convention with docker secrets. Cloudflare tunnel is the last service holding out on me.
Yes please!
@Cyb3r-Jak3 I have another concern about this. `os.ReadFile` reads the entire file into memory, so should there be some sort of check on file size before reading the entire file? (Maybe the user passed a very big file with a size in GBs by mistake.)
We could use `os.Stat` to get a `FileInfo` object, and `FileInfo.Size()` to get the file size, and apply a size check (maybe limit files to < 10 MB).
- https://pkg.go.dev/os#File.Stat
- https://pkg.go.dev/io/fs#FileInfo
Not sure if this is needed or not.
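An added example, not part of this thread or of the PR's code: one way to bound the token-file read suggested in the comment above. `readTokenFile` and `maxTokenFileSize` are hypothetical names, and the 10 MiB cap is an assumption taken from the "< 10 MB" suggestion.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"strings"
)

// maxTokenFileSize is an assumed cap for this example (the thread floats "< 10 MB").
const maxTokenFileSize = 10 << 20

// readTokenFile is a hypothetical helper, not cloudflared's implementation.
// It returns the trimmed token, refusing files larger than limit bytes.
func readTokenFile(path string, limit int64) (string, error) {
	f, err := os.Open(path)
	if err != nil {
		return "", err
	}
	defer f.Close()

	// Early rejection: Stat the open handle so the size belongs to the file we read.
	if info, err := f.Stat(); err == nil && info.Size() > limit {
		return "", fmt.Errorf("token file is %d bytes, limit is %d", info.Size(), limit)
	}
	// Enforcement: Size() is 0 for pipes and can change after Stat, so also
	// cap the read itself. Reading limit+1 bytes lets us detect an overrun.
	data, err := io.ReadAll(io.LimitReader(f, limit+1))
	if err != nil {
		return "", err
	}
	if int64(len(data)) > limit {
		return "", fmt.Errorf("token file exceeds limit of %d bytes", limit)
	}
	if token := strings.TrimSpace(string(data)); token != "" {
		return token, nil
	}
	return "", fmt.Errorf("token file %s is empty", path)
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: readtoken <token-file>")
		os.Exit(2)
	}
	token, err := readTokenFile(os.Args[1], maxTokenFileSize)
	if err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	fmt.Printf("read token of %d characters\n", len(token)) // never log the token itself
}
```

The trailing-whitespace trim matters for secret files, which are often written with a final newline.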
> @Cyb3r-Jak3 I have another concern about this. `os.ReadFile` reads the entire file into memory, so should there be some sort of check on file size before reading the entire file?

I thought about this, but the config isn't checked for size, so I didn't add it here.
Please, give this issue some love.
From the open PRs and no response from maintainers, I don't know if the current maintainers of the repo even care about contributions from the open source community. God knows what they are thinking.
For example, this PR to fix dead links in ReadMe is pending for god-knows-what reason - https://github.com/cloudflare/cloudflared/pull/1358