diff --git a/src/Framework/Config/DockerSecretsResolver.php b/src/Framework/Config/DockerSecretsResolver.php index 0fb84ad2..09d826f4 100644 --- a/src/Framework/Config/DockerSecretsResolver.php +++ b/src/Framework/Config/DockerSecretsResolver.php @@ -44,6 +44,15 @@ final readonly class DockerSecretsResolver } try { + // Normalize file path: if path doesn't start with /run/secrets, prepend it + // This handles Docker Swarm secrets which may only provide the secret name + // Example: /redis_password -> /run/secrets/redis_password + if (!str_starts_with($filePath, '/run/secrets/') && str_starts_with($filePath, '/')) { + // Path starts with / but not /run/secrets/, likely a secret name + $secretName = ltrim($filePath, '/'); + $filePath = '/run/secrets/' . $secretName; + } + $file = FilePath::create($filePath); if (!$file->exists() || !$file->isReadable()) { diff --git a/src/Framework/Core/AppBootstrapper.php b/src/Framework/Core/AppBootstrapper.php index 110e7aa4..36ea1243 100644 --- a/src/Framework/Core/AppBootstrapper.php +++ b/src/Framework/Core/AppBootstrapper.php @@ -104,9 +104,14 @@ final readonly class AppBootstrapper error_log("Expected file path: $expectedFile"); error_log("File exists: " . (file_exists($expectedFile) ? 'YES' : 'NO')); error_log("File readable: " . (is_readable($expectedFile) ? 'YES' : 'NO')); - if (file_exists($expectedFile) && is_readable($expectedFile)) { - $content = file_get_contents($expectedFile); - error_log("File content length: " . strlen($content ?? '')); + if (file_exists($expectedFile)) { + error_log("File permissions: " . substr(sprintf('%o', fileperms($expectedFile)), -4)); + error_log("File owner: " . fileowner($expectedFile)); + error_log("Current process user: " . getmyuid()); + if (is_readable($expectedFile)) { + $content = file_get_contents($expectedFile); + error_log("File content length: " . strlen($content ?? '')); + } } error_log("------------------------------------");