Add support to specify secrets in services

**What**
- During function creation, accept an array of strings defining swarm secrets
that are required for the service
- Update docs
- Add new guide on using the secrets capability
- Add new sample function to highlight using environment variables
- Update `ApiKeyProtected` sample function to utilize the new secrets
capabilities

**Why**
- This allows secrets to remain encrypted at rest instead of being unencrypted
in environment variables and yaml files.

Fixes #285

Signed-off-by: Lucas Roesler <lucas.roesler@gmail.com>

sample-functions/ApiKeyProtected/README.md

@@ -1,6 +1,6 @@
 ### Api-Key-Protected sample
 
-To use this sample provide an env variable for the container/service in `secret_api_key`.
+To use this sample provide a secret for the container/service in `secret_api_key` using [Docker Swarm Secret](https://docs.docker.com/engine/swarm/secrets/#defining-and-using-secrets-in-compose-files).
 
 Then when calling via the gateway pass the additional header "X-Api-Key", if it matches the `secret_api_key` value then the function will give access, otherwise access denied.
 

sample-functions/ApiKeyProtected/handler.go

@@ -4,15 +4,21 @@ import (
 	"fmt"
 	"io/ioutil"
 	"log"
-	"net/http"
 	"os"
-
-	"github.com/openfaas/faas/watchdog/types"
+	"strings"
 )
 
-func handle(header http.Header, body []byte) {
-	key := header.Get("X-Api-Key")
-	if key == os.Getenv("secret_api_key") {
+func handle(body []byte) {
+	key := os.Getenv("Http_X_Api_Key")
+
+	secretBytes, err := ioutil.ReadFile("/run/secrets/secret_api_key")
+	if err != nil {
+		log.Fatal(err)
+	}
+
+	secret := strings.TrimSpace(string(secretBytes))
+
+	if key == secret {
 		fmt.Println("Unlocked the function!")
 	} else {
 		fmt.Println("Access denied!")
@@ -21,9 +27,5 @@ func handle(header http.Header, body []byte) {
 
 func main() {
 	bytes, _ := ioutil.ReadAll(os.Stdin)
-	req, err := types.UnmarshalRequest(bytes)
-	if err != nil {
-		log.Fatal(err)
-	}
-	handle(req.Header, req.Body.Raw)
+	handle(bytes)
 }