feat: add VPNsecure.me support (#848)

- `OPENVPN_ENCRYPTED_KEY` environment variable 
- `OPENVPN_ENCRYPTED_KEY_SECRETFILE` environment variable 
- `OPENVPN_KEY_PASSPHRASE` environment variable 
- `OPENVPN_KEY_PASSPHRASE_SECRETFILE` environment variable 
- `PREMIUM_ONLY` environment variable
- OpenVPN user and password not required for vpnsecure provider

internal/configuration/sources/env/openvpn.go

@@ -11,7 +11,8 @@ import (
 func (r *Reader) readOpenVPN() (
 	openVPN settings.OpenVPN, err error) {
 	defer func() {
-		err = unsetEnvKeys([]string{"OPENVPN_KEY", "OPENVPN_CERT"}, err)
+		err = unsetEnvKeys([]string{"OPENVPN_KEY", "OPENVPN_CERT",
+			"OPENVPN_KEY_PASSPHRASE", "OPENVPN_ENCRYPTED_KEY"}, err)
 	}()
 
 	openVPN.Version = getCleanedEnv("OPENVPN_VERSION")
@@ -40,6 +41,13 @@ func (r *Reader) readOpenVPN() (
 		return openVPN, fmt.Errorf("environment variable OPENVPN_KEY: %w", err)
 	}
 
+	openVPN.EncryptedKey, err = readBase64OrNil("OPENVPN_ENCRYPTED_KEY")
+	if err != nil {
+		return openVPN, fmt.Errorf("environment variable OPENVPN_ENCRYPTED_KEY: %w", err)
+	}
+
+	openVPN.KeyPassphrase = r.readOpenVPNKeyPassphrase()
+
 	openVPN.PIAEncPreset = r.readPIAEncryptionPreset()
 
 	openVPN.IPv6, err = envToBoolPtr("OPENVPN_IPV6")
@@ -94,6 +102,15 @@ func (r *Reader) readOpenVPNPassword() (password *string) {
 	return password
 }
 
+func (r *Reader) readOpenVPNKeyPassphrase() (passphrase *string) {
+	passphrase = new(string)
+	*passphrase = getCleanedEnv("OPENVPN_KEY_PASSPHRASE")
+	if *passphrase == "" {
+		return nil
+	}
+	return passphrase
+}
+
 func readBase64OrNil(envKey string) (valueOrNil *string, err error) {
 	value := getCleanedEnv(envKey)
 	if value == "" {

internal/configuration/sources/env/serverselection.go

@@ -77,6 +77,12 @@ func (r *Reader) readServerSelection(vpnProvider, vpnType string) (
 		return ss, fmt.Errorf("environment variable FREE_ONLY: %w", err)
 	}
 
+	// VPNSecure only
+	ss.PremiumOnly, err = envToBoolPtr("PREMIUM_ONLY")
+	if err != nil {
+		return ss, fmt.Errorf("environment variable PREMIUM_ONLY: %w", err)
+	}
+
 	// VPNUnlimited only
 	ss.MultiHopOnly, err = envToBoolPtr("MULTIHOP_ONLY")
 	if err != nil {

internal/configuration/sources/files/openvpn.go

@@ -11,6 +11,7 @@ const (
 	OpenVPNClientKeyPath = "/gluetun/client.key"
 	// OpenVPNClientCertificatePath is the OpenVPN client certificate filepath.
 	OpenVPNClientCertificatePath = "/gluetun/client.crt"
+	openVPNEncryptedKey          = "/gluetun/openvpn_encrypted_key"
 )
 
 func (r *Reader) readOpenVPN() (settings settings.OpenVPN, err error) {
@@ -24,5 +25,10 @@ func (r *Reader) readOpenVPN() (settings settings.OpenVPN, err error) {
 		return settings, fmt.Errorf("client certificate: %w", err)
 	}
 
+	settings.EncryptedKey, err = ReadFromFile(openVPNEncryptedKey)
+	if err != nil {
+		return settings, fmt.Errorf("reading encrypted key file: %w", err)
+	}
+
 	return settings, nil
 }

internal/configuration/sources/secrets/openvpn.go

@@ -32,6 +32,22 @@ func readOpenVPN() (
 		return settings, fmt.Errorf("cannot read client key file: %w", err)
 	}
 
+	settings.EncryptedKey, err = readSecretFileAsStringPtr(
+		"OPENVPN_ENCRYPTED_KEY_SECRETFILE",
+		"/run/secrets/openvpn_encrypted_key",
+	)
+	if err != nil {
+		return settings, fmt.Errorf("reading encrypted key file: %w", err)
+	}
+
+	settings.KeyPassphrase, err = readSecretFileAsStringPtr(
+		"OPENVPN_KEY_PASSPHRASE_SECRETFILE",
+		"/run/secrets/openvpn_key_passphrase",
+	)
+	if err != nil {
+		return settings, fmt.Errorf("reading key passphrase file: %w", err)
+	}
+
 	settings.Cert, err = readSecretFileAsStringPtr(
 		"OPENVPN_CLIENTCRT_SECRETFILE",
 		"/run/secrets/openvpn_clientcrt",