From 97b56581ed1e3d68c0a3a886d766cda9edf68239 Mon Sep 17 00:00:00 2001
From: Nikholas Pcenicni <82239765+nikpcenicni@users.noreply.github.com>
Date: Sat, 28 Mar 2026 17:46:08 -0400
Subject: [PATCH] Update README.md and .env.sample for Versity S3 Gateway
 configuration. Change path in README to reflect new directory structure and
 clarify environment variable usage for credentials. Modify .env.sample to
 include additional credential options and improve documentation for setting
 up the environment. Adjust compose.yaml to utilize pass-through environment
 variables, enhancing security and usability for deployment.

---
 README.md                        | 4 ++--
 komodo/s3/versitygw/.env.sample  | 6 ++++++
 komodo/s3/versitygw/compose.yaml | 8 ++++++--
 3 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 049e4ba..aae84bf 100644
--- a/README.md
+++ b/README.md
@@ -180,11 +180,11 @@ Shared services used across multiple applications.
 
 **Configuration:** Requires Pangolin endpoint URL, Newt ID, and Newt secret.
 
-### versitygw/ (`komodo/common/versitygw/`)
+### versitygw/ (`komodo/s3/versitygw/`)
 
 - **[Versity S3 Gateway](https://github.com/versity/versitygw)** (Port: 10000 by default) - S3-compatible API over a POSIX directory (named Docker volumes). Use as shared object storage for apps that expect S3; pair with clients using path-style URLs and your LAN hostname or reverse proxy.
 
-**Configuration:** Requires `ROOT_ACCESS_KEY` and `ROOT_SECRET_KEY` for the bundled IAM directory mode. Optional `VERSITYGW_PORT` for the published host port.
+**Configuration:** Set either `ROOT_ACCESS_KEY` / `ROOT_SECRET_KEY` or `ROOT_ACCESS_KEY_ID` / `ROOT_SECRET_ACCESS_KEY`. Optional `VERSITYGW_PORT`. The compose file uses pass-through env (not `${VAR}`) so secrets from the deploy environment (e.g. Komodo) are not blanked by interpolation; if the UI does not export vars to the compose process, use a `.env` beside `compose.yaml` with those names.
 
 ---
 
diff --git a/komodo/s3/versitygw/.env.sample b/komodo/s3/versitygw/.env.sample
index a0bceb4..ae26c5e 100644
--- a/komodo/s3/versitygw/.env.sample
+++ b/komodo/s3/versitygw/.env.sample
@@ -1,9 +1,15 @@
 # Versity S3 Gateway — root credentials for the flat-file IAM backend.
 # Copy to `.env` and set strong values before `docker compose up -d`.
 # https://github.com/versity/versitygw/wiki/Quickstart
+#
+# Set either pair (same names as the Kubernetes Helm chart):
+#   ROOT_ACCESS_KEY + ROOT_SECRET_KEY
+#   ROOT_ACCESS_KEY_ID + ROOT_SECRET_ACCESS_KEY
 
 ROOT_ACCESS_KEY=
 ROOT_SECRET_KEY=
+# ROOT_ACCESS_KEY_ID=
+# ROOT_SECRET_ACCESS_KEY=
 
 # Host port mapped to the gateway (container listens on 10000).
 VERSITYGW_PORT=10000
diff --git a/komodo/s3/versitygw/compose.yaml b/komodo/s3/versitygw/compose.yaml
index 1833ce4..ee087e4 100644
--- a/komodo/s3/versitygw/compose.yaml
+++ b/komodo/s3/versitygw/compose.yaml
@@ -6,8 +6,12 @@ services:
     container_name: versitygw
     restart: unless-stopped
     environment:
-      - ROOT_ACCESS_KEY=${ROOT_ACCESS_KEY}
-      - ROOT_SECRET_KEY=${ROOT_SECRET_KEY}
+      # Pass-through (no `${VAR}`): avoids empty interpolation when secrets are
+      # only in the deploy environment (e.g. Komodo) or not in `.env`.
+      - ROOT_ACCESS_KEY
+      - ROOT_SECRET_KEY
+      - ROOT_ACCESS_KEY_ID
+      - ROOT_SECRET_ACCESS_KEY
       # Matches Helm chart default; enables `/_/health` for probes.
       - VGW_HEALTH=/_/health
     ports: