From f3ccd4cfc693c5c2f721969975788072ab264582 Mon Sep 17 00:00:00 2001
From: Denis Gukov <denguk@gmail.com>
Date: Fri, 27 Jan 2023 22:54:46 +0400
Subject: [PATCH] feat(be): use env vars for db options

---
 lib/AnsiblePlaybook.go | 15 +++++++++++++
 util/config.go         | 51 +++++++++++++++++++++++++++++-------------
 2 files changed, 51 insertions(+), 15 deletions(-)

diff --git a/lib/AnsiblePlaybook.go b/lib/AnsiblePlaybook.go
index 75dd1ad49..7b1209f89 100644
--- a/lib/AnsiblePlaybook.go
+++ b/lib/AnsiblePlaybook.go
@@ -28,6 +28,21 @@ func (p AnsiblePlaybook) makeCmd(command string, args []string, environmentVars
 		cmd.Env = append(cmd.Env, *environmentVars...)
 	}
 
+	sensitiveEnvs := []string{
+		"SEMAPHORE_ACCESS_KEY_ENCRYPTION",
+		"SEMAPHORE_ADMIN_PASSWORD",
+		"SEMAPHORE_DB_USER",
+		"SEMAPHORE_DB_NAME",
+		"SEMAPHORE_DB_HOST",
+		"SEMAPHORE_DB_PASS",
+		"SEMAPHORE_LDAP_PASSWORD",
+	}
+
+	// Remove sensitive env variables from cmd process
+	for _, env := range sensitiveEnvs {
+		cmd.Env = append(cmd.Env, env+"=")
+	}
+
 	return cmd
 }
 
diff --git a/util/config.go b/util/config.go
index c52c797ec..ddc6960a5 100644
--- a/util/config.go
+++ b/util/config.go
@@ -300,23 +300,44 @@ func (d *DbConfig) HasSupportMultipleDatabases() bool {
 }
 
 func (d *DbConfig) GetConnectionString(includeDbName bool) (connectionString string, err error) {
+	dbName := os.Getenv("SEMAPHORE_DB_NAME")
+	dbUser := os.Getenv("SEMAPHORE_DB_USER")
+	dbPass := os.Getenv("SEMAPHORE_DB_PASS")
+	dbHost := os.Getenv("SEMAPHORE_DB_HOST")
+
+	if dbUser == "" {
+		dbUser = d.Username
+	}
+
+	if dbPass == "" {
+		dbPass = d.Username
+	}
+
+	if dbHost == "" {
+		dbHost = d.Hostname
+	}
+
+	if dbName == "" {
+		dbName = d.DbName
+	}
+
 	switch d.Dialect {
 	case DbDriverBolt:
-		connectionString = d.Hostname
+		connectionString = dbHost
 	case DbDriverMySQL:
 		if includeDbName {
 			connectionString = fmt.Sprintf(
 				"%s:%s@tcp(%s)/%s",
-				d.Username,
-				d.Password,
-				d.Hostname,
-				d.DbName)
+				dbUser,
+				dbPass,
+				dbHost,
+				dbName)
 		} else {
 			connectionString = fmt.Sprintf(
 				"%s:%s@tcp(%s)/",
-				d.Username,
-				d.Password,
-				d.Hostname)
+				dbUser,
+				dbPass,
+				dbHost)
 		}
 		options := map[string]string{
 			"parseTime":         "true",
@@ -330,16 +351,16 @@ func (d *DbConfig) GetConnectionString(includeDbName bool) (connectionString str
 		if includeDbName {
 			connectionString = fmt.Sprintf(
 				"postgres://%s:%s@%s/%s",
-				d.Username,
-				url.QueryEscape(d.Password),
-				d.Hostname,
-				d.DbName)
+				dbUser,
+				url.QueryEscape(dbPass),
+				dbHost,
+				dbName)
 		} else {
 			connectionString = fmt.Sprintf(
 				"postgres://%s:%s@%s",
-				d.Username,
-				url.QueryEscape(d.Password),
-				d.Hostname)
+				dbUser,
+				url.QueryEscape(dbPass),
+				dbHost)
 		}
 		connectionString += mapToQueryString(d.Options)
 	default: