Docker Entrypoint for Secret Mounts

Author: FaserF

Dockerfile

@@ -38,7 +38,8 @@ EXPOSE 8080
 ENV FLET_SERVER_IP=0.0.0.0
 ENV FLET_SERVER_PORT=8080
 ENV FLET_FORCE_WEB_SOCKET=true
-ENV FLET_SECRET=switchcraft_secure_session
+# FLET_SECRET should be passed at runtime for security
+# ENV FLET_SECRET=change_me_at_runtime
 ENV FLET_REMOTE_ADDR_HEADER=X-Forwarded-For
 ENV FLET_WEB_URL=http://localhost:8080
 ENV FLET_ENTRY_URL=http://localhost:8080
@@ -49,6 +50,13 @@ ENV SC_DISABLE_WINGET_INSTALL=1
 # Create symlink for assets so Flet can find them at /app/assets
 RUN ln -s /app/src/switchcraft/assets /app/assets
 
+# Copy entrypoint script
+COPY docker-entrypoint.sh /docker-entrypoint.sh
+RUN chmod +x /docker-entrypoint.sh
+
+# Set entrypoint
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
 # Command to run the application using the Auth Proxy Server
 # Added --proxy-headers and --forwarded-allow-ips='*' to fix UUID hostname issues in Docker/K8s
 CMD ["uvicorn", "switchcraft.server.app:app", "--host", "0.0.0.0", "--port", "8080", "--proxy-headers", "--forwarded-allow-ips='*'"]

docker-entrypoint.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+# Definition of the secret file path
+# Defaults to /run/secrets/flet_secret if not set via env
+: ${FLET_SECRET_FILE:=/run/secrets/flet_secret}
+
+# Check if the secret file exists
+if [ -f "$FLET_SECRET_FILE" ]; then
+    echo "Files based secret found at $FLET_SECRET_FILE. Exporting FLET_SECRET..."
+    export FLET_SECRET=$(cat "$FLET_SECRET_FILE")
+fi
+
+# Execute the CMD passed to the docker container
+exec "$@"

pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "switchcraft"
-version = "2026.1.5b4"
+version = "2026.1.5b4.dev0+4d8700a"
 description = "A comprehensive enterprise IT platform for software packaging, analysis, and Intune management."
 readme = "README.md"
 authors = [{ name = "FaserF" }]
@@ -21,8 +21,6 @@ dependencies = [
     "click",
     "rich",
     "PyYAML",
-    "openai",
-    "google-generativeai",
     "defusedxml",
     "PyJWT",
     "anyio>=4.12.1",
@@ -66,6 +64,11 @@ web-server = [
     "webauthn"
 ]
 
+ai = [
+    "openai",
+    "google-generativeai"
+]
+
 [project.scripts]
 switchcraft = "switchcraft.main:main"
 

src/switchcraft/__init__.py

@@ -1,4 +1,4 @@
-__version__ = "2026.1.5b4"
+__version__ = "2026.1.5b4.dev0+4d8700a"
 
 import sys
 IS_WEB = sys.platform == "emscripten"