[GH-ISSUE #2201] EMAIL_SMTP_PASS env variable bug #4041

New Issue

GiteaMirror · 2026-04-20T08:26:56-05:00

GiteaMirror commented

2026-04-20 08:26:56 -05:00

Originally created by @Sepzilla on GitHub (Jan 1, 2026).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/2201

Describe the Bug

I want to use docker secrets for SERVER_SECRET and EMAIL_SMTP_PASS. while SERVER_SECRET works just fine, the smtp password seems to be affected by a bug.

unlike #2092, the secret is indeed passed to the container at /run/secrets/PASSWRD_FILE and does overwrite smtp_pass that is in config.yml, yet it still fails. Even with passwords being exactly the same, using smtp_pass alone will work but when adding the docker secret file [that will output the same password if you cat the mounted file from within the container] it fails to authenticate.

I've tried all other variations that I could think of between the three fil

Bug Report.md

es and the spelling/syntax; but nothing seems to do it from my end other than not using environment variables for smtp and leaving the password in config.yml.

Environment

OS Type & Version: docker
Pangolin Version: 1.14.1
Gerbil Version: 1.3.0
Traefik Version: 3.4.0

To Reproduce

create text files for smtp password and server secret.
add files as secrets to docker in compose file and add as environment variables to the pangolin service.
fill in additional required parameters needed for email in config.yml.
create the container and then using a whitelisted email address try to send an OTP.
portal returns: "Failed to send one-time otp. Make sure the email address is correct and try again"

for a complete check do

only docker secret: wont work
only smtp_pass in config.yml: will work
leave the working config.yml as is, but switch back to using docker secret: wont work

one note: when the email address is in fact incorrect the error mentions checking the whitelist so the second part of that error doesn't necessarily apply.

Expected Behavior

authenticate with smtp server and send OTP.

Originally created by @Sepzilla on GitHub (Jan 1, 2026). Original GitHub issue: https://github.com/fosrl/pangolin/issues/2201 ### Describe the Bug I want to use docker secrets for `SERVER_SECRET` and `EMAIL_SMTP_PASS`. while `SERVER_SECRET` works just fine, the smtp password seems to be affected by a bug. unlike #2092, the secret is indeed passed to the container at `/run/secrets/PASSWRD_FILE` and *does* overwrite `smtp_pass` that is in `config.yml`, yet it still fails. Even with passwords being exactly the same, using `smtp_pass` alone will work but when adding the docker secret file [that will output the same password if you cat the mounted file from within the container] it fails to authenticate. I've tried *all* other variations that I could think of between the three fil [Bug Report.md](https://github.com/user-attachments/files/24403436/Bug.Report.md) es and the spelling/syntax; but nothing seems to do it from my end other than not using environment variables for smtp and leaving the password in `config.yml`. ### Environment - OS Type & Version: docker - Pangolin Version: 1.14.1 - Gerbil Version: 1.3.0 - Traefik Version: 3.4.0 ### To Reproduce - create text files for smtp password and server secret. - add files as `secrets` to docker in compose file and add as environment variables to the pangolin service. - fill in additional required parameters needed for `email` in config.yml. - create the container and then using a whitelisted email address try to send an OTP. - portal returns: "Failed to send one-time otp. Make sure the email address is correct and try again" for a complete check do 1. only docker secret: wont work 2. only `smtp_pass` in `config.yml`: will work 3. leave the working `config.yml` as is, but switch back to using docker secret: wont work > one note: when the email address is in fact incorrect the error mentions checking the whitelist so the second part of that error doesn't necessarily apply. ### Expected Behavior authenticate with smtp server and send OTP.

GiteaMirror added the stale label 2026-04-20 08:26:56 -05:00

GiteaMirror closed this issue

2026-04-20 08:26:57 -05:00

GiteaMirror commented

2026-04-20 08:26:59 -05:00

@github-actions[bot] commented on GitHub (Jan 16, 2026):

This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.

@github-actions[bot] commented on GitHub (Jan 16, 2026): This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.

GiteaMirror commented

2026-04-20 08:27:00 -05:00

@github-actions[bot] commented on GitHub (Jan 30, 2026):

This issue has been automatically closed due to inactivity. If you believe this is still relevant, please open a new issue with up-to-date information.

@github-actions[bot] commented on GitHub (Jan 30, 2026): This issue has been automatically closed due to inactivity. If you believe this is still relevant, please open a new issue with up-to-date information.

Sign in to join this conversation.

Branches Tags

main

dependabot/npm_and_yarn/prod-patch-updates-64dd675a88

dependabot/npm_and_yarn/dev-minor-updates-10ef4f0f15

dependabot/docker/node-26-alpine

dependabot/docker/docker/library/node-26-slim

dependabot/npm_and_yarn/multi-7bdfbe8666

crowdin_dev

dev

resource-policies

redis

newt-install-commands

dependabot/npm_and_yarn/multi-d2fd79378c

dependabot/npm_and_yarn/uuid-14.0.0

dependabot/npm_and_yarn/postcss-8.5.10

miloschwartz-patch-2

dependabot/github_actions/actions/setup-node-6.4.0

dependabot/npm_and_yarn/next-16.2.1

dependabot/npm_and_yarn/recharts-3.8.1

dependabot/npm_and_yarn/next-intl-4.9.1

cross-org-idp

update-readme

miloschwartz-patch-1

breakout-sites-tables

revert-2766-feature/systemd-install-instructions

ssh

delete-account

msg-delivery

org-only-idp

cicd

patch

site-targets-auto-login

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/pangolin#4041