Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to maintain secrets used in Dockerfile?

Tags:

docker

docker-compose

aws-secrets-manager

aws-parameter-store

Below is the snippet of docker-compose file having passwords:

test:
  build: ../../
  dockerfile: docker/dev/Dockerfile
  volumes_from:
    - cache
  links:
    - db
  environment:
    DJANGO_SETTINGS_MODULE: todobackend.settings.test
    MYSQL_HOST: db
    MYSQL_USER: root
    MYSQL_PASSWORD: password
    TEST_OUTPUT_DIR: /reports

db:
  image: mysql:5.6
  hostname: db
  expose:
    - "3386"
  environment:
    MYSQL_ROOT_PASSWORD: password

Running this file in AWS environment,

Can be using KMS storing in s3 and another approach is AWS parameter store

When building dockerfile and launching containers using docker-compose, How to maintain secrets safely, without exposing it to text files? any code snippet...

like image 669
overexchange Avatar asked Oct 17 '19 15:10

overexchange

People also ask

How do I update Docker secrets?

Note: After you create a secret, you cannot update it. You can only remove and re-create it, and you cannot remove a secret that a service is using. However, you can grant or revoke a running service's access to secrets using docker service update .

Can I use Docker secrets without Swarm?

Yes, you can use secrets if you use a compose file. (You don't need to run a swarm). You use a compose file with docker-compose: there is documentation for "secrets" in a docker-compose. yml file.

1 Answers

You can use the integration between ECS and Secrets Manager to put the references to the secrets stored in Secrets Manager in the ECS task definition and then reference them as environment varialbles. The ECS docs provide a short tutorial on this (and there are more elaborate blog posts).

like image 93
JoeB Avatar answered Nov 01 '22 12:11

JoeB
Sign in to Comment

Related questions

Docker offline network
Setting up IPFS Cluster on docker environment
Integrating Identity Server; Docker and MVC Core (Web Client)
How to copy files from docker container to host using docker-compose in docker-machine
Trying to get a headless WordPress to do hot reloading on yarn start command
Getting reproducible docker layers on different hosts
Docker container fails to run, Error : python3: can't open file 'flask run --host=0.0.0.0': [Errno 2] No such file or directory
Create Docker Image For JRE FROM scratch
How to activate a conda environment before running Docker commands
Heroku CLI "No command specified for process type web" when releasing container
Ensuring spring boot and liquibase receive and handle SIGTERM
TeamCity Build Agent: Error registering on the server via URL
How to Configure NGINX to Serve ASGI from UNIX Socket?
How to run fluentd in docker within the internal network
How to deploy frontend and backend in same heroku applications but different docker images
Access to docker container using host name instead of localhost
Flask app unable to query data from mongodb using mongoengine in a dockerized setup
How to print logs when I use command of docker-compose up
Docker: Cannot start service app: OCI runtime create failed:
Install R packages using Dockerfile

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!