From 1013fe876d9068a2b4c6fe00531e9bc3b1c4d772 Mon Sep 17 00:00:00 2001
From: Amir Lazarovich <amir@somnius.io>
Date: Thu, 20 Oct 2022 17:24:30 -0400
Subject: [PATCH] Add support for loading FLOWER_OAUTH2_SECRET via a file to
 support secrets

---
 flower/command.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/flower/command.py b/flower/command.py
index cb2e552a8..cc7ce5196 100644
--- a/flower/command.py
+++ b/flower/command.py
@@ -124,9 +124,15 @@ def extract_settings():
             settings[name] = prepend_url(settings[name], options.url_prefix)
 
     if options.auth:
+        oauth2_secret_file = os.environ.get("FLOWER_OAUTH2_SECRET_FILE", "")
+        oauth2_secret = (
+            options.oauth2_secret or os.environ.get("FLOWER_OAUTH2_SECRET")
+            if not oauth2_secret_file
+            else open(oauth2_secret_file, "r").readline()
+        )
         settings['oauth'] = {
             'key': options.oauth2_key or os.environ.get('FLOWER_OAUTH2_KEY'),
-            'secret': options.oauth2_secret or os.environ.get('FLOWER_OAUTH2_SECRET'),
+            'secret': oauth2_secret,
             'redirect_uri': options.oauth2_redirect_uri or os.environ.get('FLOWER_OAUTH2_REDIRECT_URI'),
         }