I have my app inside a container and it's reading environment variables for passwords and API keys to access services. If I run the app on my machine (not inside docker), I just export SERVICE_KEY='wefhsuidfhda98' and the app can use it.
What's the standard approach to this? I was thinking of having a secret file which would get added to the server with export commands and then run a source on that file.
I'm using docker & fig.
The "inspect" command will list the complete information of the container.
The secrets are each mounted in a tmpfs filesystem at /run/secrets/mysql_password and /run/secrets/mysql_root_password. They are never exposed as environment variables, nor can they be committed to an image if the docker commit command is run.
Provide a password using STDIN
To run the docker login command non-interactively, you can set the --password-stdin flag to provide a password through STDIN. Using STDIN prevents the password from ending up in the shell's history, or log-files.
The solution I settled on was the following: save the environment variables in a secret file and pass those on to the container using fig.
have a secret_env file with secret info, e.g.
    export GEO_BING_SERVICE_KEY='98hfaidfaf'
    export JIRA_PASSWORD='asdf8jriadf9'
secret_env in my .gitignore
have a secret_env.template file for developers, e.g.
    export GEO_BING_SERVICE_KEY='' # can leave empty if you wish
    export JIRA_PASSWORD='' # write your pass
in my fig.yml I send the variables through:
    environment:
      - GEO_BING_SERVICE_KEY
      - JIRA_PASSWORD
source secret_env before building
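An added example, not part of the original answer: an entrypoint helper that lets an app which reads environment variables take each key either from the secret_env route above or from a file mounted under /run/secrets, so the value does not have to appear in the container configuration that inspect prints. The function name load_secret and the NAME_FILE variable naming are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (hypothetical names): resolve a secret from NAME_FILE,
# a path such as /run/secrets/jira_password, or from NAME itself.
#
# load_secret NAME
#   NAME_FILE set -> export NAME with the contents of that file
#   NAME set      -> keep it (the secret_env / fig.yml route)
#   both set      -> refuse, the configuration is ambiguous
#   neither set   -> refuse, so the app fails fast instead of running keyless
load_secret() {
    _ls_name=$1
    # The name is handed to eval below, so accept plain identifiers only.
    case $_ls_name in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "load_secret: bad variable name" >&2
            return 2 ;;
    esac
    eval "_ls_value=\${$_ls_name-}"
    eval "_ls_file=\${${_ls_name}_FILE-}"

    if [ -n "$_ls_value" ] && [ -n "$_ls_file" ]; then
        echo "load_secret: $_ls_name and ${_ls_name}_FILE are both set" >&2
        return 1
    fi
    if [ -n "$_ls_file" ]; then
        if [ ! -r "$_ls_file" ]; then
            echo "load_secret: cannot read $_ls_file" >&2
            return 1
        fi
        # Command substitution drops the trailing newline editors add.
        _ls_value=$(cat "$_ls_file")
        unset "${_ls_name}_FILE"
    fi
    if [ -z "$_ls_value" ]; then
        # Report the name only, never the value.
        echo "load_secret: $_ls_name is not set" >&2
        return 1
    fi
    export "$_ls_name=$_ls_value"
    unset _ls_value _ls_file
}

# Typical use at the top of an entrypoint script (hypothetical):
#   load_secret JIRA_PASSWORD && load_secret GEO_BING_SERVICE_KEY && exec "$@"
```

The exported value still lives in the process environment of the app, so this narrows where the secret is recorded rather than hiding it from code running inside the container.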