github-starred/actual
2
0
Fork 0
mirror of https://github.com/actualbudget/actual.git synced 2026-03-09 03:32:54 -05:00
Code Issues 250 Packages Projects Releases 53 Wiki Activity

ACTUAL_OPENID_CLIENT_SECRET variable to be set through a file #2228

New Issue
Closed
opened 2026-02-28 20:07:24 -06:00 by GiteaMirror · 6 comments
GiteaMirror commented 2026-02-28 20:07:24 -06:00
Owner
Copy Link

Originally created by @ghost on GitHub (Jun 25, 2025).

Verified feature request does not already exist?

  • I have searched and found no existing issue

💻

  • Would you like to implement this feature?

Pitch: what problem are you trying to solve?

ACTUAL_OPENID_CLIENT_SECRET is conveniently set through an environment variable, but for security it would be nice if we could set it through ACTUAL_OPENID_CLIENT_SECRET_FILE as well, to support dynamic secrets.

Describe your ideal solution to this problem

An override through a ACTUAL_OPENID_CLIENT_SECRET_FILE variable, which could probably be added to the config file as well if users are using that option. This could also allow dynamic secrets.

Teaching and learning

Just noting it on the documentation for the environment variables would probably do the trick. Anyone using this feature specifically would be very intentional about where they look for it.

Originally created by @ghost on GitHub (Jun 25, 2025). ### Verified feature request does not already exist? - [x] I have searched and found no existing issue ### 💻 - [ ] Would you like to implement this feature? ### Pitch: what problem are you trying to solve? ACTUAL_OPENID_CLIENT_SECRET is conveniently set through an environment variable, but for security it would be nice if we could set it through ACTUAL_OPENID_CLIENT_SECRET_FILE as well, to support dynamic secrets. ### Describe your ideal solution to this problem An override through a ACTUAL_OPENID_CLIENT_SECRET_FILE variable, which could probably be added to the config file as well if users are using that option. This could also allow dynamic secrets. ### Teaching and learning Just noting it on the documentation for the environment variables would probably do the trick. Anyone using this feature specifically would be very intentional about where they look for it.
GiteaMirror added the needs votesfeature labels 2026-02-28 20:07:24 -06:00
GiteaMirror commented 2026-02-28 20:07:25 -06:00
Author
Owner
Copy Link

@github-actions[bot] commented on GitHub (Jun 25, 2025):

Thanks for sharing your idea!

This repository uses a voting-based system for feature requests. While enhancement issues are automatically closed, we still welcome feature requests! The voting system helps us gauge community interest in potential features. We also encourage community contributions for any feature requests marked as needing votes (just post a comment first so we can help guide you toward a successful contribution).

The enhancement backlog can be found here: https://github.com/actualbudget/actual/issues?q=label%3A%22needs+votes%22+sort%3Areactions-%2B1-desc+

Don’t forget to upvote the top comment with 👍!

@github-actions[bot] commented on GitHub (Jun 25, 2025): :sparkles: Thanks for sharing your idea! :sparkles: This repository uses a voting-based system for feature requests. While enhancement issues are automatically closed, we still welcome feature requests! The voting system helps us gauge community interest in potential features. We also encourage community contributions for any feature requests marked as needing votes (just post a comment first so we can help guide you toward a successful contribution). The enhancement backlog can be found here: https://github.com/actualbudget/actual/issues?q=label%3A%22needs+votes%22+sort%3Areactions-%2B1-desc+ Don’t forget to upvote the top comment with 👍! <!-- feature-auto-close-comment -->
GiteaMirror commented 2026-02-28 20:07:25 -06:00
Author
Owner
Copy Link

@jfdoming commented on GitHub (Jun 25, 2025):

It doesn't completely address the request of setting that one variable in isolation, but as a workaround you can use config.json to pass the secret in as a file—it just means that the "secret" needs to contain a valid JSON blob rather than just the OIDC secret.

@jfdoming commented on GitHub (Jun 25, 2025): It doesn't completely address the request of setting that one variable in isolation, but as a workaround you can use config.json to pass the secret in as a file—it just means that the "secret" needs to contain a valid JSON blob rather than just the OIDC secret.
GiteaMirror commented 2026-02-28 20:07:25 -06:00
Author
Owner
Copy Link

@jfdoming commented on GitHub (Jun 25, 2025):

Ideally we would support _FILE for all config parameters

@jfdoming commented on GitHub (Jun 25, 2025): Ideally we would support _FILE for all config parameters
GiteaMirror commented 2026-02-28 20:07:25 -06:00
Author
Owner
Copy Link

@ghost commented on GitHub (Jun 25, 2025):

Oh, interesting! So if I'm understanding you correctly, I could set environment variables as I am, and then have the secret file be a JSON blob with only that value (or possibly other secret values).

{
  "openId": {
    "client_secret": "insecure_secret",
  }
}

And that would be the contents of the entire secret file. A little ugly, by totally valid. Ideally I would start on this myself, so I'll see what it would take to add _FILE variables to the existing config.

@ghost commented on GitHub (Jun 25, 2025): Oh, interesting! So if I'm understanding you correctly, I could set environment variables as I am, and then have the secret file be a JSON blob with only that value (or possibly other secret values). ``` { "openId": { "client_secret": "insecure_secret", } } ``` And that would be the contents of the entire secret file. A little ugly, by totally valid. Ideally I would start on this myself, so I'll see what it would take to add _FILE variables to the existing config.
GiteaMirror commented 2026-02-28 20:07:26 -06:00
Author
Owner
Copy Link

@jfdoming commented on GitHub (Jun 25, 2025):

Oh, interesting! So if I'm understanding you correctly, I could set environment variables as I am, and then have the secret file be a JSON blob with only that value (or possibly other secret values).

{
  "openId": {
    "client_secret": "insecure_secret",
  }
}

And that would be the contents of the entire secret file. A little ugly, by totally valid. Ideally I would start on this myself, so I'll see what it would take to add _FILE variables to the existing config.

Yep, exactly! And agree it is not great—a contribution to support _FILE would be welcome.

@jfdoming commented on GitHub (Jun 25, 2025): > Oh, interesting! So if I'm understanding you correctly, I could set environment variables as I am, and then have the secret file be a JSON blob with only that value (or possibly other secret values). > > ``` > { > "openId": { > "client_secret": "insecure_secret", > } > } > ``` > And that would be the contents of the entire secret file. A little ugly, by totally valid. Ideally I would start on this myself, so I'll see what it would take to add _FILE variables to the existing config. Yep, exactly! And agree it is not great—a contribution to support _FILE would be welcome.
GiteaMirror commented 2026-02-28 20:07:26 -06:00
Author
Owner
Copy Link

@ghost commented on GitHub (Jun 25, 2025):

Oh, interesting! So if I'm understanding you correctly, I could set environment variables as I am, and then have the secret file be a JSON blob with only that value (or possibly other secret values).

{
  "openId": {
    "client_secret": "insecure_secret",
  }
}

And that would be the contents of the entire secret file. A little ugly, by totally valid. Ideally I would start on this myself, so I'll see what it would take to add _FILE variables to the existing config.

Yep, exactly! And agree it is not great—a contribution to support _FILE would be welcome.

Done! only 18 lines of js, PR #5235

@ghost commented on GitHub (Jun 25, 2025): > > Oh, interesting! So if I'm understanding you correctly, I could set environment variables as I am, and then have the secret file be a JSON blob with only that value (or possibly other secret values). > > ``` > > { > > "openId": { > > "client_secret": "insecure_secret", > > } > > } > > ``` > > > > > > > > > > > > > > > > > > > > > > > > And that would be the contents of the entire secret file. A little ugly, by totally valid. Ideally I would start on this myself, so I'll see what it would take to add _FILE variables to the existing config. > > Yep, exactly! And agree it is not great—a contribution to support _FILE would be welcome. Done! only 18 lines of js, PR #5235
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
AI generated
API
bank sync
budgeting
bug
can’t replicate
dependencies
docker
documentation
electron
experimental feature
feature
feedback
goal templates
good first issue
help wanted
importers
maintenance
needs info
needs testing
needs triage
needs votes
openid
payees
pull-request
Mirrored from GitHub Pull Request
 regression
reports
responsive
rules
schedules
server
merged
split transactions
tech debt
theme
transaction import
transaction reconciliation
transactions
translations
upstream
user interface
approved
wontfix
No Label feature needs votes
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/actual#2228
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?