From d7cfb6ded5b6d189872f387e8d313b09f691457b Mon Sep 17 00:00:00 2001
From: Jeff Emmett <jeffemmett@gmail.com>
Date: Wed, 4 Mar 2026 15:41:13 -0800
Subject: [PATCH] feat: pass Mollie API key via docker-compose, prioritize env
 vars over Infisical

Docker-compose env vars now take precedence over Infisical secrets,
allowing production keys to be set directly in .env without needing
Infisical write access.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 docker-compose.yml | 1 +
 entrypoint.sh      | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/docker-compose.yml b/docker-compose.yml
index 925e3a4..f7a05f8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,6 +13,7 @@ services:
       - LISTMONK_DB_USER=listmonk
       - LISTMONK_DB_PASS=${LISTMONK_DB_PASS:-listmonk_secure_2025}
       - LISTMONK_LIST_ID=24
+      - MOLLIE_API_KEY=${MOLLIE_API_KEY}
     depends_on:
       votc-db:
         condition: service_healthy
diff --git a/entrypoint.sh b/entrypoint.sh
index e82770e..0bafb14 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -58,7 +58,9 @@ const get = (path, token) => new Promise((resolve, reject) => {
     if (!secrets.secrets) { console.error('[infisical] No secrets returned'); process.exit(1); }
 
     // Output as shell-safe export statements
+    // Skip vars already set via docker-compose (env vars take precedence over Infisical)
     for (const s of secrets.secrets) {
+      if (process.env[s.secretKey]) continue;
       // Single-quote the value to prevent shell expansion, escape existing single quotes
       const escaped = s.secretValue.replace(/'/g, \"'\\\\''\" );
       console.log('export ' + s.secretKey + \"='\" + escaped + \"'\");