diff --git a/src/config.rs b/src/config.rs index b70ed6fb05e141b51e165fbf4254284ce9172c5e..0aae4d1e41ed4371e791a2d7c999ea6bc69bc175 100644 --- a/src/config.rs +++ b/src/config.rs @@ -34,6 +34,11 @@ pub fn get_config(conf_args: Option<config::Config>) -> config::Config { }; conf.merge(config::File::with_name(&config_file)).ok(); + // Add config from same file with .secret appended, so that OAuth client secrets can be + // placed into a file only readable by root to force users to only ever use their user + // token acquired using PAM + conf.merge(config::File::with_name(&(config_file + ".secret"))).ok(); + // Override configuration from environment variables conf.merge(config::Environment::with_prefix(BASE_NAME.to_string().to_uppercase().as_str())).ok();