github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 10:58:17 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #14754] feat: Add WEBUI_SECRET_KEY_FILE environment variable. #17354

New Issue
Closed
opened 2026-04-19 23:05:20 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-19 23:05:20 -05:00
Owner
Copy Link

Originally created by @MicahZoltu on GitHub (Jun 7, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/14754

Check Existing Issues

  • I have searched the existing issues and discussions.

Problem Description

Docker Swarm secrets can only be added to the container as files, and only in a specific location (/run/secrets/*). Currently, in order to set the WEBUI_SECRET_KEY, you either need to provide the secret as an environment variable, or by providing a file at /app/backend/.webui_secret_key, neither of which are secure ways to manage secrets in Docker.

Desired Solution you'd like

Add an environment variable called WEBUI_SECRET_KEY_FILE which accepts the path to a file that holds the WebUI Secret Key. If this environment variable isn't present and the WEBUI_SECRET_KEY environment variable isn't present, then it would fallback to looking for the secret key in its current location in /app/backend/.webui_secret_key.

This way, a docker swarm user can setup a Docker Secret and then set WEBUI_SECRET_KEY_FILE to point at /run/secrets/my_secret.

Alternatives Considered

No response

Additional Context

No response

Originally created by @MicahZoltu on GitHub (Jun 7, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/14754 ### Check Existing Issues - [x] I have searched the existing issues and discussions. ### Problem Description Docker Swarm secrets can only be added to the container as files, and only in a specific location (`/run/secrets/*`). Currently, in order to set the `WEBUI_SECRET_KEY`, you either need to provide the secret as an environment variable, or by providing a file at `/app/backend/.webui_secret_key`, neither of which are secure ways to manage secrets in Docker. ### Desired Solution you'd like Add an environment variable called `WEBUI_SECRET_KEY_FILE` which accepts the path to a file that holds the WebUI Secret Key. If this environment variable isn't present and the `WEBUI_SECRET_KEY` environment variable isn't present, then it would fallback to looking for the secret key in its current location in `/app/backend/.webui_secret_key`. This way, a docker swarm user can setup a Docker Secret and then set `WEBUI_SECRET_KEY_FILE` to point at `/run/secrets/my_secret`. ### Alternatives Considered _No response_ ### Additional Context _No response_
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#17354
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?