Move the random secret generation to start.sh.

This way the random secret is created on first run instead of docker build. We don't really want all standard imaages to share a password anymore than we want a static password.

Dockerfile

@@ -53,7 +53,4 @@ COPY --from=build /app/build /app/build
 # copy backend files
 COPY ./backend .
 
-# Generate a random value to use as a WEBUI_SECRET_KEY in case the user didn't provide one.
-RUN echo $(head -c 12 /dev/random | base64) > docker_secret_key
-
 CMD [ "bash", "start.sh"]

backend/start.sh

@@ -3,10 +3,20 @@
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 cd "$SCRIPT_DIR" || exit
 
+KEY_FILE=.webui_secret_key
+
 PORT="${PORT:-8080}"
-if test -f docker_secret_key && test "$WEBUI_SECRET_KEY" = ""; then
-  echo Using generated DOCKER_SECRET_KEY
-  WEBUI_SECRET_KEY=`cat docker_secret_key`
+if ["$WEBUI_SECRET_KEY" = ""]; then
+  echo No WEBUI_SECRET_KEY provided
+
+  if ! [ -e "$KEY_FILE" ]; then
+    echo Generating WEBUI_SECRET_KEY
+    # Generate a random value to use as a WEBUI_SECRET_KEY in case the user didn't provide one.
+    echo $(head -c 12 /dev/random | base64) > $KEY_FILE
+  fi
+
+  echo Loading WEBUI_SECRET_KEY from $KEY_FILE
+  WEBUI_SECRET_KEY=`cat $KEY_FILE`
 fi
 
 WEBUI_SECRET_KEY="$WEBUI_SECRET_KEY" exec uvicorn main:app --host 0.0.0.0 --port "$PORT" --forwarded-allow-ips '*'