how do you manage secret values with docker-compose v3.1?

by

You can read the corresponding section from the official documentation.

To use secrets you need to add two things into your docker-compose.yml file. First, a top-level secrets: block that defines all of the secrets. Then, another secrets: block under each service that specifies which secrets the service should receive.

As an example, create the two types of secrets that Docker will understand: external secrets and file secrets.

1. Create an ‘external’ secret using docker secret create

First thing: to use secrets with Docker, the node you are on must be part of a swarm.

$ docker swarm init

Next, create an ‘external’ secret:

$ echo "This is an external secret" | docker secret create my_external_secret -

(Make sure to include the final dash, -. It’s easy to miss.)

2. Write another secret into a file

$ echo "This is a file secret." > my_file_secret.txt

3. Create a docker-compose.yml file that uses both secrets

Now that both types of secrets are created, here is the docker-compose.yml file that will read both of those and write them to the web service:

version: '3.1'

services:
  web:
    image: nginxdemos/hello
    secrets:                    # secrets block only for 'web' service
     - my_external_secret
     - my_file_secret

secrets:                        # top level secrets block
  my_external_secret:
    external: true
  my_file_secret:
    file: my_file_secret.txt

Docker can read secrets either from its own database (e.g. secrets made with docker secret create) or from a file. The above shows both examples.

4. Deploy your test stack

Deploy the stack using:

$ docker stack deploy --compose-file=docker-compose.yml secret_test

This will create one instance of the web service, named secret_test_web.

5. Verify that the container created by the service has both secrets

Use docker exec -ti [container] /bin/sh to verify that the secrets exist.

(Note: in the below docker exec command, the m2jgac... portion will be different on your machine. Run docker ps to find your container name.)

$ docker exec -ti secret_test_web.1.m2jgacogzsiaqhgq1z0yrwekd /bin/sh

# Now inside secret_test_web; secrets are contained in /run/secrets/
root@secret_test_web:~$ cd /run/secrets/

root@secret_test_web:/run/secrets$ ls
my_external_secret  my_file_secret

root@secret_test_web:/run/secrets$ cat my_external_secret
This is an external secret

root@secret_test_web:/run/secrets$ cat my_file_secret
This is a file secret.

If all is well, the two secrets we created in steps 1 and 2 should be inside the web container that was created when we deployed our stack.

More Related Contents:

  1. Docker Compose wait for container X before starting Y
  2. How to fix docker: Got permission denied issue
  3. Using Docker-Compose, how to execute multiple commands
  4. What is the difference between docker-compose ports vs expose
  5. How to mount a single file in a volume
  6. Docker: How to clear the logs properly for a Docker container?
  7. Provide static IP to docker containers via docker-compose
  8. How to specify Memory & CPU limit in docker compose version 3
  9. How to pass arguments within docker-compose?
  10. How to get docker-compose to always re-create containers from fresh images?
  11. How do I mount a host directory as a volume in docker compose
  12. Docker COPY from ubuntu absolute path
  13. What is the difference between ports and expose in docker-compose?
  14. How to use environment variables in docker-compose?
  15. How do I set hostname in docker-compose?
  16. How to mount local volumes in docker machine
  17. Is it safe to clean docker/overlay2/
  18. An error, “failed to solve with frontend dockerfile.v0”
  19. Difference between links and depends_on in docker_compose.yml
  20. Docker Compose keep container running
  21. Using docker-compose with CI – how to deal with exit codes and daemonized linked containers?
  22. Kafka access inside and outside docker [duplicate]
  23. How do I configure docker compose to expose ports correctly?
  24. How to pass arguments to a Dockerfile?
  25. How to tag docker image with docker-compose
  26. Pass argument to docker compose
  27. Docker-compose exit code is 137 when there is no OOM exception
  28. Docker 1.10 access a container by its hostname from a host machine
  29. Difference between “docker compose” and “docker-compose”
  30. how to get docker-compose to use the latest image from repository

Leave a Comment