Warning message "Cluster secret is empty, cluster will start on unprotected network"

Hi,

I’m running ipfs/go-ipfs:v0.12.0 using docker-compose. I also populated the environment variable “CLUSTER_SECRET” per snippet below. What I’m wondering is why I’m still seeing the warning message like “Cluster secret is empty, cluster will start on unprotected network” in the log file? Do I need to set anything else to make ipfs-cluster takes the cluster secret?

  cluster0:
    container_name: cluster0
    restart: always
    image: ipfs/ipfs-cluster:v0.14.5
    depends_on:
      - ipfs0
    environment:
      DUMMY: 012
      PROJECT: ${PROJECT}
      CLUSTER_PEERNAME: ${INSTANCE}
      CLUSTER_IPFSHTTP_NODEMULTIADDRESS: /dns4/ipfs0/tcp/5001
      CLUSTER_CRDT_TRUSTEDPEERS: '*' # Trust all peers in Cluster
      CLUSTER_MONITORPINGINTERVAL: 2s # Speed up peer discovery
      CLUSTER_IPFSPROXY_NODEMULTIADDRESS: /dns4/ipfs0/tcp/5001 # Make IPFS Proxy work
      CLUSTER_IPFSPROXY_LISTENMULTIADDRESS: /ip4/0.0.0.0/tcp/9095 # Expose IPFS Proxy API
      CLUSTER_RESTAPI_HTTPLISTENMULTIADDRESS: /ip4/0.0.0.0/tcp/9094 # Expose Rest API
      CLUSTER_SECRET_FILE: /run/secrets/ipfs_cluster_secret
      CLUSTER_SECRET: ${IPFS_CLUSTER_SECRET_KEY}
    secrets:
      - ipfs_cluster_secret
    ports:
          # Open API port (allows ipfs-cluster-ctl usage on host)
          - "9094:9094"
          # IPFS Proxy port
          # Can be load-balanced.
          - "9095:9095"
          # The cluster swarm port would need  to be exposed if this container
          # was to connect to cluster peers on other hosts.
          - "9096:9096" # Cluster IPFS Proxy endpoint
    volumes:
      - ${DATA_DIR}/ipfs-cluster:/data/ipfs-cluster
      - ${DATA_DIR}/configs/ipfs-start.bash:/scripts/ipfs-start.bash
      - ${DATA_DIR}/configs/peers-tables.cfg:/scripts/peers-tables.cfg
    entrypoint: ["/sbin/tini", "--"]
    command: |-
      sh -c '
        /scripts/ipfs-start.bash
      '

Regards,
James

Probably because IPFS_CLUSTER_SECRET_KEY is empty. Also not sure where CLUSTER_SECRET_FILE is from, definitely not something supported by cluster out of the box.

I believe if you want to set and env var from a secret you’d need the following

CLUSTER_SECRET: {{DOCKER-SECRET:ipfs_cluster_secret}}