read env vars for secrets

.github/workflows/blank.yml

@@ -95,6 +95,12 @@ jobs:
           script: |
             mkdir -p /var/www/csr/stage/
             echo '${{ secrets.DEPLOY_CONFIG }}' > /var/www/csr/stage/config.json
+            sudo rm -rf /etc/systemd/system/stage.csr.service.d
+            sudo EDITOR='tee' systemctl edit stage.csr.service <<< '[Service]
+            Environment="JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}"
+            Environment="EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}"'
+            Environment="DB_USER=${{ secrets.DB_USER }}"'
+            Environment="DB_PASSWORD=${{ secrets.DB_PASSWORD }}"'
             sudo systemctl daemon-reload && sudo service stage.csr stop
             cp ~/csr /var/www/csr/stage/server
             sudo service stage.csr start

internal/config/app.go

@@ -85,6 +85,7 @@ func GetAppConfig(additionalDirectories ...string) (*AppConfig, error) {
 	if err := viper.ReadInConfig(); err != nil {
 		return nil, fmt.Errorf("failed to read in config: %w", err)
 	}
+	bindEnvVars()
 
 	conf := getDefaultConfig()
 	if err := viper.Unmarshal(&conf); err != nil {
@@ -100,6 +101,7 @@ func GetAppConfig(additionalDirectories ...string) (*AppConfig, error) {
 
 func getDefaultConfig() *AppConfig {
 	return &AppConfig{
+		JWTSecretKey: "default_value",
 		DB: DB{
 			Host:     "localhost",
 			User:     "csr",
@@ -110,6 +112,7 @@ func getDefaultConfig() *AppConfig {
 			ResetLinkExpiration: 15 * time.Minute,
 		},
 		Email: Email{
+			Password:              "default_value",
 			SenderWebsiteUrl:      "https://csr.golangforall.com/",
 			ConfirmLinkExpiration: 15 * time.Minute,
 		},
@@ -119,3 +122,12 @@ func getDefaultConfig() *AppConfig {
 		},
 	}
 }
+
+func bindEnvVars() {
+	viper.BindEnv("jwtsecretkey", "JWT_SECRET_KEY")
+	viper.BindEnv("email.password", "EMAIL_PASSWORD")
+	viper.BindEnv("db.user", "DB_USER")
+	viper.BindEnv("db.password", "DB_PASSWORD")
+
+	viper.AutomaticEnv()
+}