docker-compose secrets without swarm

I don't want to use docker secrets with swarm and I discovered that it's possible to do that. Basically docker just mounts /run/secrets inside the docker container, but when I enter the newly built docker container and do echo $POSTGRES_PASSWORD_FILE I get the path to my secret file.

root@94a0f092eeb1:/# echo $POSTGRES_PASSWORD_FILE
/run/secrets/db_password

Here is my docker-compose.yml file

version: '3.1'
services:
    postgres:
        image: postgres:9.4
        container_name: postgres
        environment:
            POSTGRES_USER: "db_user"
            POSTGRES_PASSWORD_FILE: /run/secrets/db_password
            POSTGRES_DB: "my_db"
        secrets:
          - db_password
        volumes:
            - ./postgres:/var/lib/postgresql/data
        expose:
            - 5432
secrets:
   db_password:
     file: ./POSTGRES_PASSWORD.txt

Is my password set correctly? Is there something wrong with my file?

HereHere asked Dec 12 '18 20:12



1 Answer

Ok, so all I had to do is to remove

volumes:
    - ./postgres:/var/lib/postgresql/data

I'll try to figure out how to fix it, but essentially I answered my own question.

Here is a working example of a docker-compose.yml file with secrets without using docker swarm:

version: '3.1'
services:
    postgres:
        image: postgres:9.4
        container_name: postgres
        environment:
            POSTGRES_USER: "db_user"
            POSTGRES_PASSWORD_FILE: /run/secrets/db_password
            POSTGRES_DB: "my_db"
        secrets:
          - db_password
        ports:
            - "8888:5432"
secrets:
   db_password:
     file: ./POSTGRES_PASSWORD

HereHere answered Oct 19 '22 02:10
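
The echo output in the question is expected: POSTGRES_PASSWORD_FILE holds only the path, and an entrypoint that follows the *_FILE convention reads that file and uses its contents as the password. A sketch of that resolution step, as an added example (not code from the post or from the postgres image; resolve_file_env is a hypothetical helper name):

```shell
#!/bin/sh
# Added example: resolve NAME from NAME_FILE, the way an entrypoint that
# follows the *_FILE convention would. resolve_file_env is a hypothetical name.
#
# Usage: password=$(resolve_file_env POSTGRES_PASSWORD)
# Return codes: 0 value printed, 1 both NAME and NAME_FILE set,
#               2 secret file unreadable, 3 neither set, 4 invalid name.
# POSIX sh has no "local", so the helper's variables are globals.
resolve_file_env() {
    name=$1
    # Only accept a plain variable name, since it is passed to eval below.
    case $name in
        ''|*[!A-Za-z0-9_]*|[0-9]*) return 4 ;;
    esac
    eval "direct=\${$name-}"          # value of NAME, empty if unset
    eval "path=\${${name}_FILE-}"     # value of NAME_FILE, empty if unset

    # Setting both is ambiguous; refuse rather than silently pick one.
    if [ -n "$direct" ] && [ -n "$path" ]; then
        echo "error: both $name and ${name}_FILE are set" >&2
        return 1
    fi

    if [ -n "$path" ]; then
        if [ ! -r "$path" ]; then
            echo "error: cannot read secret file $path" >&2
            return 2
        fi
        # Command substitution strips the trailing newline that an editor
        # usually leaves at the end of the secret file.
        value=$(cat "$path")
        printf '%s' "$value"
        return 0
    fi

    if [ -n "$direct" ]; then
        printf '%s' "$direct"
        return 0
    fi
    return 3
}
```

Inside the container from the question, the same check can be done by hand by comparing the path in $POSTGRES_PASSWORD_FILE with the file that actually exists under /run/secrets.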