Load secrets from files if _FILE vars are set

capsulflask/__init__.py

@@ -26,8 +26,24 @@ class StdoutMockFlaskMail:
     def send(self, message: Message):
       current_app.logger.info(f"Email would have been sent if configured:\n\nto: {','.join(message.recipients)}\nsubject: {message.subject}\nbody:\n\n{message.body}\n\n")
 
+
 load_dotenv(find_dotenv())
 
+for var_name in [
+  "SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_PUBLISHABLE_KEY",
+  "BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD"
+]:
+  var = os.environ.get(f"{var_name}_FILE", False)
+  if not var:
+    continue
+
+  if not os.path.isfile(var):
+    continue
+
+  with open(var) as secret_file:
+    os.environ[var_name] = secret_file.read().rstrip('\n')
+  del os.environ[f"{var_name}_FILE"]
+
 app = Flask(__name__)
 
 app.config.from_mapping(