Untitled

If the Java arguments vary between different deployments, it's best to keep the flexibility of defining these at runtime via the `podman run` command, rather than hard-coding them in the Dockerfile or a script. To manage this while ensuring that secrets and environment variables are handled securely and correctly, you can use an intermediary script that allows for passing these runtime arguments dynamically.

### Solution: Using an Intermediary Script

You'll create an entry script that serves as the ENTRYPOINT in your Dockerfile, which reads an environment variable for the Java options. This way, you can change the Java arguments dynamically at container start without modifying the Docker image or the Dockerfile itself.

1. **Create a Wrapper Script (`entrypoint.sh`)**:
   ```bash
   #!/bin/sh
   # Display a startup message with the secret (optional, for debugging)
   echo "Starting Java application with JASYPT_ENC_PASS: $JASYPT_ENC_PASS"
   
   # Execute the Java command with dynamically provided arguments from JAVA_OPTS environment variable
   exec java $JAVA_OPTS -jar /opt/pulse/pulse-portal-backend.jar
   ```

   Make sure the script is executable (`chmod +x entrypoint.sh`).

2. **Modify the Dockerfile** to use this script:
   ```Dockerfile
   # Copy the entrypoint script
   COPY entrypoint.sh /opt/pulse/entrypoint.sh

   # Set the entrypoint
   ENTRYPOINT ["/opt/pulse/entrypoint.sh"]
   ```

3. **Build your Docker Image**:
   ```bash
   podman build -t your-custom-image-name .
   ```

4. **Run the Container with Dynamic Java Arguments**:
   You can now pass different Java arguments by setting the `JAVA_OPTS` environment variable when starting your container.
   ```bash
   podman run --rm --name pulse-portal-backend -d \
       --secret=jasypt-encryption-password,type=env,target=JASYPT_ENC_PASS \
       -e GOOGLE_APPLICATION_CREDENTIALS=/opt/pulse/dev-dbfeeds.json \
       -e JAVA_OPTS="-Dhttps.proxyHost=dev-net-proxy.intranet.db.com -Dhttps.proxyPort=8080 -Djavax.net.ssl.trustStore=/opt/pulse/truststore.jks -Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStorePassword=dbca2020 -Dspring.config.location=file:/opt/pulse/application.yaml -Djasypt.encryptor.password=$JASYPT_ENC_PASS" \
       -v /home/wmanltc/pulse/pulse-portal-backend/application.yaml:/opt/pulse/application.yaml \
       -v /home/wmanltc/pulse/pulse-portal-backend/certs/keystore.jks:/opt/pulse/keystore.jks \
       -v /home/wmanltc/pulse/pulse-portal-backend/certs/truststore.jks:/opt/pulse/truststore.jks \
       -v /home/wmanltc/pulse/pulse-portal-backend/dev-dbfeeds.json:/opt/pulse/dev-dbfeeds.json \
       -v /home/wmanltc/pulse/oracle_wallet/:/opt/pulse/oracle_wallet \
       --network=pulse-net -p 8082:8082 \
       your-custom-image-name
   ```

This method enables you to customize Java properties at runtime easily and keeps the configuration flexible and secure by utilizing environment variables for sensitive information.