Allows flags containing sensitive stuff to be passed as files (#545)

* Allows options containing sensitive stuff (passwords, tokens) to be passed as a file instead

* Fixed linter error, added tests, removed notification-url (due to being an array)

internal/flags/flags_test.go

@@ -1,6 +1,7 @@
 package flags
 
 import (
+	"io/ioutil"
 	"os"
 	"testing"
 
@@ -39,3 +40,42 @@ func TestEnvConfig_Custom(t *testing.T) {
 	// Re-enable this test when we've moved to github actions.
 	// assert.Equal(t, "1.99", os.Getenv("DOCKER_API_VERSION"))
 }
+
+func TestGetSecretsFromFilesWithString(t *testing.T) {
+	value := "supersecretstring"
+
+	err := os.Setenv("WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD", value)
+	require.NoError(t, err)
+
+	testGetSecretsFromFiles(t, "notification-email-server-password", value)
+}
+
+func TestGetSecretsFromFilesWithFile(t *testing.T) {
+	value := "megasecretstring"
+
+	// Create the temporary file which will contain a secret.
+	file, err := ioutil.TempFile(os.TempDir(), "watchtower-")
+	require.NoError(t, err)
+	defer os.Remove(file.Name()) // Make sure to remove the temporary file later.
+
+	// Write the secret to the temporary file.
+	secret := []byte(value)
+	_, err = file.Write(secret)
+	require.NoError(t, err)
+
+	err = os.Setenv("WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD", file.Name())
+	require.NoError(t, err)
+
+	testGetSecretsFromFiles(t, "notification-email-server-password", value)
+}
+
+func testGetSecretsFromFiles(t *testing.T, flagName string, expected string) {
+	cmd := new(cobra.Command)
+	SetDefaults()
+	RegisterNotificationFlags(cmd)
+	GetSecretsFromFiles(cmd)
+	value, err := cmd.PersistentFlags().GetString(flagName)
+	require.NoError(t, err)
+
+	assert.Equal(t, expected, value)
+}