1

I am using Docker CE 17.09-1. I am leveraging Docker Swarm and have deployed a Stack with multiple services.

I've decided to use Docker Secrets for various credentials. One of the services I am running requires that I enter the database username and password in a configuration file. I have created two secrets for each required credential and I see the read-only files under /run/secrets/ in the container. How do I insert the contents of those files into my configuration file? My config file is a .ini file, and contains a number of values.

Thank you in advance for any suggestions.

2 Answers

1

What I considered before is to modify my ENTRYPOINT or CMD script in order for that script to modify or generate my local config file (a template), valued with the secrets read at runtime in /run/secrets.

Then the same script would launch the service in foreground, once the configuration files are properly generated/valued.
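The entrypoint approach described in this answer, as an added example that is not part of the original answer. The `@@secret:NAME@@` placeholder syntax, the `render_ini` function, and the `APP_CONFIG_TEMPLATE`, `APP_CONFIG` and `SECRETS_DIR` variables are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: entrypoint that renders an .ini file from a template.
# Placeholder syntax @@secret:NAME@@ and all variable names are hypothetical.

# render_ini TEMPLATE SECRETS_DIR OUTPUT
render_ini() {
    template=$1 secrets_dir=$2 output=$3
    (
        umask 077   # rendered config holds credentials: owner-only
        SECRETS_DIR=$secrets_dir awk '
        {
            out = ""; rest = $0
            while (match(rest, /@@secret:[A-Za-z0-9_.-]+@@/)) {
                name = substr(rest, RSTART + 9, RLENGTH - 11)
                file = ENVIRON["SECRETS_DIR"] "/" name
                # First line only, so a trailing newline in the secret is dropped.
                if ((getline value < file) <= 0) {
                    printf "missing or empty secret: %s\n", name > "/dev/stderr"
                    exit 1
                }
                close(file)
                # Plain concatenation: &, / and \ in a password stay literal.
                out = out substr(rest, 1, RSTART - 1) value
                rest = substr(rest, RSTART + RLENGTH)
            }
            print out rest
        }' "$template" > "$output.tmp"
    ) || { rm -f "$output.tmp"; return 1; }
    mv "$output.tmp" "$output"
}

# Runs only when the (hypothetical) APP_CONFIG_TEMPLATE variable is set, e.g.
#   ENTRYPOINT ["/entrypoint.sh"]  CMD ["myservice", "--config", "/etc/app/app.ini"]
if [ -n "${APP_CONFIG_TEMPLATE:-}" ]; then
    render_ini "$APP_CONFIG_TEMPLATE" "${SECRETS_DIR:-/run/secrets}" \
        "${APP_CONFIG:-/etc/app/app.ini}" || exit 1
    exec "$@"   # replace the shell so the service runs in the foreground as PID 1
fi
```

The rendered file is written inside the container's filesystem, so its path should sit on a tmpfs or other non-persistent location if the secret must not outlive the container.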


1

Depending on the service, you may be able to set the path to the secrets file (within /run/secrets) in an environment variable, or else either point to the secrets file in the .ini file or mount the secrets file where the image is expecting the secret.

For an example of the former, look at the mysql image on Docker Hub. As indicated at https://hub.docker.com/_/mysql/ :

As an alternative to passing sensitive information via environment variables, _FILE may be appended to the previously listed environment variables, causing the initialization script to load the values for those variables from files present in the container. In particular, this can be used to load passwords from Docker secrets stored in /run/secrets/ files.

For an example of the latter, see the rabbitmq image on Docker Hub. As noted https://hub.docker.com/_/rabbitmq/ :

If you wish to provide the cookie via a file (such as with Docker Secrets), it needs to be mounted at /var/lib/rabbitmq/.erlang.cookie:

1 Comment

That seems more precise/detailed than my answer. +1
