feat: add AUTH_TOKEN_FILE support for Docker secrets (v2.7.5)

- Add AUTH_TOKEN_FILE environment variable support for reading auth tokens from files - Support Docker secrets pattern for production deployments - Add Known Issues section documenting Claude Desktop container duplication bug - Update documentation with authentication options and best practices - Fix issue #16: AUTH_TOKEN_FILE was documented but not implemented - Add comprehensive tests for AUTH_TOKEN_FILE functionality BREAKING CHANGE: None - AUTH_TOKEN continues to work as before 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-06 18:32:15 +02:00
parent 35e4cf0da4
commit 2a5c4ec6eb
7 changed files with 395 additions and 15 deletions
--- a/docs/DOCKER_README.md
+++ b/docs/DOCKER_README.md
@@ -59,11 +59,14 @@ docker run -d \
 | Variable | Description | Default | Required |
 |----------|-------------|---------|----------|
 | `MCP_MODE` | Server mode: `stdio` or `http` | `stdio` | No |
-| `AUTH_TOKEN` | Bearer token for HTTP authentication | - | Yes (HTTP mode) |
+| `AUTH_TOKEN` | Bearer token for HTTP authentication | - | Yes (HTTP mode)* |
+| `AUTH_TOKEN_FILE` | Path to file containing auth token (v2.7.5+) | - | Yes (HTTP mode)* |
 | `PORT` | HTTP server port | `3000` | No |
 | `NODE_ENV` | Environment: `development` or `production` | `production` | No |
 | `LOG_LEVEL` | Logging level: `debug`, `info`, `warn`, `error` | `info` | No |

+*Either `AUTH_TOKEN` or `AUTH_TOKEN_FILE` must be set for HTTP mode. If both are set, `AUTH_TOKEN` takes precedence.
+
 ### Docker Compose Configuration

 The default `docker-compose.yml` provides:
@@ -238,18 +241,40 @@ docker inspect n8n-mcp | jq '.[0].State.Health'

 ### Authentication

- Always use a strong AUTH_TOKEN (minimum 32 characters)
- Never commit tokens to version control
- Rotate tokens regularly
+n8n-MCP supports two authentication methods for HTTP mode:
+
+#### Method 1: AUTH_TOKEN (Environment Variable)
+- Set the token directly as an environment variable
+- Simple and straightforward for basic deployments
+- Always use a strong token (minimum 32 characters)

 ```bash
 # Generate secure token
 openssl rand -base64 32

-# Or use uuidgen
-uuidgen | tr -d '-' | base64
+# Use in Docker
+docker run -e AUTH_TOKEN=your-secure-token ...
 ```

+#### Method 2: AUTH_TOKEN_FILE (File Path) - NEW in v2.7.5
+- Read token from a file (Docker secrets compatible)
+- More secure for production deployments
+- Prevents token exposure in process lists
+
+```bash
+# Create token file
+echo "your-secure-token" > /path/to/token.txt
+
+# Use with Docker secrets
+docker run -e AUTH_TOKEN_FILE=/run/secrets/auth_token ...
+```
+
+#### Best Practices
+- Never commit tokens to version control
+- Rotate tokens regularly
+- Use AUTH_TOKEN_FILE with Docker secrets for production
+- Ensure token files have restricted permissions (600)
+
 ### Network Security

 For production deployments: