From 613a7c2e415266ec3fc426c9e46525c82120e9d1 Mon Sep 17 00:00:00 2001
From: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Date: Wed, 08 Apr 2026 09:38:33 +0000
Subject: [PATCH] fix: remove ENV ROOT_PASSWORD from Dockerfiles and add Docker secrets support in run.sh

---
 opendj-packages/opendj-docker/run.sh            |    9 +++++++--
 opendj-packages/opendj-docker/Dockerfile-alpine |    4 +++-
 opendj-packages/opendj-docker/Dockerfile        |    4 +++-
 3 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/opendj-packages/opendj-docker/Dockerfile b/opendj-packages/opendj-docker/Dockerfile
index 643769c..0ddc0d3 100644
--- a/opendj-packages/opendj-docker/Dockerfile
+++ b/opendj-packages/opendj-docker/Dockerfile
@@ -8,7 +8,9 @@
 ENV ADMIN_PORT=4444
 ENV BASE_DN="dc=example,dc=com"
 ENV ROOT_USER_DN="cn=Directory Manager"
-ENV ROOT_PASSWORD="password"
+# ROOT_PASSWORD should be passed at runtime via: docker run -e ROOT_PASSWORD=...
+# or mount a Docker secret file to /run/secrets/root_password
+# Default value if not provided: "password"
 #ENV SECRET_VOLUME
 ENV OPENDJ_SSL_OPTIONS="--generateSelfSignedCertificate"
 #ENV MASTER_SERVER
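Review bot: The added comment lists `docker run -e ROOT_PASSWORD=...` as the first option, but a value passed with `-e` is readable through `docker inspect` and the container's process environment, so the secret file should be the documented preference. It also mentions the `"password"` fallback without saying that this is the credential for `cn=Directory Manager` and is only acceptable for testing. Suggested wording: `# Prefer mounting a secret at /run/secrets/root_password; -e ROOT_PASSWORD=... is visible in docker inspect.` followed by `# If neither is set, run.sh falls back to "password" (testing only).` The identical comment added in Dockerfile-alpine needs the same change.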
diff --git a/opendj-packages/opendj-docker/Dockerfile-alpine b/opendj-packages/opendj-docker/Dockerfile-alpine
index 1a3ece3..970455a 100644
--- a/opendj-packages/opendj-docker/Dockerfile-alpine
+++ b/opendj-packages/opendj-docker/Dockerfile-alpine
@@ -8,7 +8,9 @@
 ENV ADMIN_PORT=4444
 ENV BASE_DN="dc=example,dc=com"
 ENV ROOT_USER_DN="cn=Directory Manager"
-ENV ROOT_PASSWORD="password"
+# ROOT_PASSWORD should be passed at runtime via: docker run -e ROOT_PASSWORD=...
+# or mount a Docker secret file to /run/secrets/root_password
+# Default value if not provided: "password"
 #ENV SECRET_VOLUME
 ENV OPENDJ_SSL_OPTIONS="--generateSelfSignedCertificate"
 #ENV MASTER_SERVER
diff --git a/opendj-packages/opendj-docker/run.sh b/opendj-packages/opendj-docker/run.sh
index 4808e30..b602871 100755
--- a/opendj-packages/opendj-docker/run.sh
+++ b/opendj-packages/opendj-docker/run.sh
@@ -28,8 +28,13 @@
 export BASE_DN=${BASE_DN:-"dc=example,dc=com"}
 echo "BASE DN is ${BASE_DN}"
 
-export PASSWORD=${ROOT_PASSWORD:-password}
-echo "Password set to $PASSWORD"
+# Read ROOT_PASSWORD from Docker secret file if available, fall back to env var, then default
+if [ -f /run/secrets/root_password ]; then
+  export ROOT_PASSWORD=$(tr -d '\n\r' < /run/secrets/root_password)
+fi
+export ROOT_PASSWORD=${ROOT_PASSWORD:-password}
+export PASSWORD=${ROOT_PASSWORD}
+echo "Password is set"
 
 BOOTSTRAP=${BOOTSTRAP:-/opt/opendj/bootstrap/setup.sh}
 echo "Running $BOOTSTRAP"
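Review bot: A secret file that exists but is empty or unreadable silently ends up on the default `password`, because `export ROOT_PASSWORD=$(tr ...)` reports the status of `export` rather than of `tr`, and the empty result is then replaced by the `:-password` fallback two lines later. The read should be a plain assignment whose failure or empty result stops the script, and the default branch should print a warning to stderr so that a container running with the well-known credential is noticeable in the logs. Both `ROOT_PASSWORD` and `PASSWORD` are still exported, so the secret remains in the environment of every child process, presumably because the bootstrap script reads it; that deserves a comment. The script continues outside this hunk.

```shell
if [ -f /run/secrets/root_password ]; then
  # plain assignment so a failed read is not masked by export's exit status
  ROOT_PASSWORD=$(tr -d '\n\r' < /run/secrets/root_password) || exit 1
  if [ -z "$ROOT_PASSWORD" ]; then
    echo "ERROR: /run/secrets/root_password is empty" >&2
    exit 1
  fi
fi
if [ -z "${ROOT_PASSWORD:-}" ]; then
  echo "WARNING: ROOT_PASSWORD not provided, using the default password" >&2
fi
export ROOT_PASSWORD="${ROOT_PASSWORD:-password}"
# … unchanged: export PASSWORD, "Password is set" message …
```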

--
Gitblit v1.10.0