From 8a2fff6f301cda605554eb4e522d15b211b3b28c Mon Sep 17 00:00:00 2001
From: Nicolas MASSE <nicolas.masse@itix.fr>
Date: Sat, 27 Nov 2021 18:10:15 +0100
Subject: [PATCH] read sensitive information from environment variables

---
 main.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/main.go b/main.go
index 380a76b..7e3fb4c 100644
--- a/main.go
+++ b/main.go
@@ -70,6 +70,13 @@ func initConfig() {
 	viper.AddConfigPath("/etc/photo-bot/")
 	viper.AddConfigPath("$HOME/.photo-bot")
 	viper.AddConfigPath(".") // optionally look for config in the working directory
+
+	viper.BindEnv("Telegram.Token", "PHOTOBOT_TELEGRAM_TOKEN")
+	viper.BindEnv("WebInterface.OIDC.ClientSecret", "PHOTOBOT_OIDC_CLIENT_SECRET")
+	viper.BindEnv("WebInterface.Sessions.AuthenticationKey", "PHOTOBOT_SESSION_AUTHENTICATION_KEY")
+	viper.BindEnv("WebInterface.Sessions.EncryptionKey", "PHOTOBOT_SESSION_ENCRYPTION_KEY")
+	viper.BindEnv("Telegram.TokenGenerator.AuthenticationKey", "PHOTOBOT_TOKEN_GENERATOR_AUTHENTICATION_KEY")
+
 	err := viper.ReadInConfig()
 	if err != nil {
 		panic(fmt.Errorf("Cannot read config file: %s\n", err))