Update docker

.dockerignore

@@ -5,3 +5,6 @@
 **/__pycache__
 .ruff_cache
 **/.testing
+packages/sshecret-admin/sshecret_admin.db
+packages/sshecret-admin/sshecret_admin-key
+packages/sshecret-admin/keepass.kdbx

docker/Dockerfile.admin

@@ -16,6 +16,9 @@ FROM python:3.13-slim-bookworm
 
 COPY --from=builder --chown=app:app /build/dist /opt/sshecret
 
+COPY packages/sshecret-admin /opt/sshecret-admin
+COPY docker/admin.entrypoint.sh /entrypoint.sh
+
 RUN pip install /opt/sshecret/sshecret-*.whl
 RUN pip install /opt/sshecret/sshecret_admin-*.whl
 
@@ -25,6 +28,4 @@ VOLUME /opt/sshecret-admin
 
 WORKDIR /opt/sshecret-admin
 
-ENTRYPOINT [ "sshecret-admin" ]
-
-CMD ["run", "--host", "0.0.0.0"]
+CMD ["/entrypoint.sh"]

docker/admin.entrypoint.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+fail() {
+    printf '%s\n' "$1" >&2 ## Send message to stderr.
+    exit "${2-1}"          ## Return a code specified by $2, or 1 by default.
+}
+
+[[ -d migrations ]] || fail "Error: Must be run from the backend directory."
+
+export SSHECRET_ADMIN_DATABASE="/opt/sshecret-admin/sshecret_admin.db"
+export SSHECRET_ADMIN_PASSWORD_MANAGER_DIRECTORY="/opt/sshecret-admin"
+
+alembic upgrade head
+
+sshecret-admin run --host 0.0.0.0

src/sshecret/crypto.py

@@ -124,7 +124,7 @@ def create_private_rsa_key(filename: Path, password: str | None = None) -> None:
     A password may be provided for secure storage.
     """
     if filename.exists():
-        raise RuntimeError("Error: private key file already exists.")
+        raise RuntimeError(f"Error: private key file already exists at {filename}.")
     LOG.debug("Generating private RSA key at %s", filename)
     private_key = generate_private_key()
     encryption_algorithm = serialization.NoEncryption()