docker-secrets

docker-compose secrets without swarm

十年热恋 提交于 2020-07-18 03:50:24
问题 I don't want to use docker secrets with swarm and I discovered that it's possible to do that. Basically docker just mounts /run/secrets inside docker container, but when I enter the newly built docker container and do echo $POSTGRES_PASSWORD_FILE I get the path to my secret file. root@94a0f092eeb1:/# echo $POSTGRES_PASSWORD_FILE /run/secrets/db_password Here is my docker-compose.yml file version: '3.1' services: postgres: image: postgres:9.4 container_name: postgres environment: POSTGRES_USER

docker-compose secrets without swarm

て烟熏妆下的殇ゞ 提交于 2020-07-18 03:50:09
问题 I don't want to use docker secrets with swarm and I discovered that it's possible to do that. Basically docker just mounts /run/secrets inside docker container, but when I enter the newly built docker container and do echo $POSTGRES_PASSWORD_FILE I get the path to my secret file. root@94a0f092eeb1:/# echo $POSTGRES_PASSWORD_FILE /run/secrets/db_password Here is my docker-compose.yml file version: '3.1' services: postgres: image: postgres:9.4 container_name: postgres environment: POSTGRES_USER

Why are Docker Secrets considered safe?

空扰寡人 提交于 2019-12-19 08:11:14
问题 I read about docker swarm secrets and did also some testing. As far as I understood the secrets can replace sensitive environment variables provided in a docker-compose.yml file (e.g. database passwords). As a result when I inspect the docker-compose file or the running container I will not see the password. That's fine - but what does it really help? If an attacker is on my docker host, he can easily take a look into the /run/secrets docker exec -it df2345a57cea ls -la /run/secrets/ and can

How can I remotely connect to docker swarm?

社会主义新天地 提交于 2019-11-29 18:28:32
问题 Is it possible to execute commands on a docker swarm cluster hosted in cloud from my local mac? If yes, how? I want to execute command such as following on docker swarm from my local: docker create secret my-secret <address to local file> docker service create --name x --secrets my-secret image 回答1: Answer to the question can be found here. What one needs to do for ubuntu machine is define daemon.json file at path /etc/docker with following content: { "hosts": ["tcp://0.0.0.0:2375", "unix://

how do you manage secret values with docker-compose v3.1?

强颜欢笑 提交于 2019-11-27 18:07:07
Version 3.1 of the docker-compose.yml specification introduces support for secrets . I tried this: version: '3.1' services: a: image: tutum/hello-world secret: password: the_password b: image: tutum/hello-world $ docker-compose up returns: Unsupported config option for services.secret: 'password' How can we use the secrets feature in practice? Mike Hearn You can read the corresponding section from the official documentation . To use secrets you need to add two things into your docker-compose.yml file. First, a top-level secrets: block that defines all of the secrets. Then, another secrets:

how do you manage secret values with docker-compose v3.1?

女生的网名这么多〃 提交于 2019-11-26 19:14:20
问题 Version 3.1 of the docker-compose.yml specification introduces support for secrets. I tried this: version: '3.1' services: a: image: tutum/hello-world secret: password: the_password b: image: tutum/hello-world $ docker-compose up returns: Unsupported config option for services.secret: 'password' How can we use the secrets feature in practice? 回答1: You can read the corresponding section from the official documentation. To use secrets you need to add two things into your docker-compose.yml file