I have a docker container run with a non root user for better security, but it seems it can't access the secrets I'm sharing with it:
Importing account from "/run/secrets/authority.priv.json" failed: Permission denied (os error 13)
I tried different solutions in my docker compose:
1. Setting the uid and gid to 1000 (uid/gid of the user inside the container)
2. Setting the mode to 0444 and even 0777
But none of these have worked, only using root allows me to use these secrets.
Any idea?
Bonus question: will it be the same issue within kubernetes?
The dockerfile:
FROM parity/parity:v2.2.1
LABEL maintainer="[email protected]"
# SAD but It seems impossible to read the secrets otherwise
USER root
VOLUME ["/home/parity/.local/share/io.parity.ethereum"]
ADD ./configPoANode.toml /home/parity/configPoANode.toml
ADD ./PoA.json /home/parity/PoA.json
ADD ./entrypoint.sh /home/parity/entrypoint.sh
ENTRYPOINT ["/home/parity/entrypoint.sh"]
appendix: repository (with user ROOT in the dockerfile):
Use RUN --mount=type=secret,id=mysecret,uid=1000 cat /run/secrets/mysecret
where mysecret is what you pass to docker build --secret id=mysecret,src=authority.priv.json and uid is the uid of the parity user.
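A diagnostic for the error in the question, as an added example that is not part of the original posts: it prints the owner, group and mode the container actually sees on the secret and applies the standard Unix permission check for the current user. The function names may_read and check_secret are hypothetical, and GNU or BusyBox stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): explain a "Permission denied"
# on a mounted secret by comparing what the container sees with who is asking.

# may_read FILE_UID FILE_GID FILE_MODE PROC_UID "PROC_GIDS"
# Classic Unix check: owner bits if the uid matches, else group bits if any
# gid matches, else "other" bits. ACLs and LSMs (SELinux/AppArmor) are ignored.
may_read() {
    f_uid=$1; f_gid=$2; mode=$((0$3)); p_uid=$4; p_gids=$5
    [ "$p_uid" -eq 0 ] && return 0           # root bypasses mode bits
    if [ "$p_uid" -eq "$f_uid" ]; then
        [ $((mode & 0400)) -ne 0 ]; return   # owner class decides, even if "other" is wider
    fi
    for g in $p_gids; do
        if [ "$g" -eq "$f_gid" ]; then
            [ $((mode & 0040)) -ne 0 ]; return
        fi
    done
    [ $((mode & 0004)) -ne 0 ]
}

# check_secret PATH: report the owner/mode actually visible inside the container.
check_secret() {
    path=$1
    if ! meta=$(stat -c '%u %g %a' "$path" 2>/dev/null); then   # GNU/BusyBox stat
        echo "$path: cannot stat (missing, or a parent directory is not searchable)"
        return 2
    fi
    set -- $meta
    echo "$path: owner uid=$1 gid=$2 mode=$3; process uid=$(id -u) gids=$(id -G)"
    if may_read "$1" "$2" "$3" "$(id -u)" "$(id -G)"; then
        echo "mode bits allow reading"
    else
        echo "mode bits deny reading: compare with the uid/gid/mode set in the compose file"
        return 1
    fi
}

# Usage inside the container: sh check_secret.sh /run/secrets/authority.priv.json
if [ $# -gt 0 ]; then check_secret "$1"; fi
```

Run it as the non-root user in the container; if the printed owner and mode differ from what the compose file requested, the settings never reached the mounted file.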