I am using Docker on Mac OS X with Docker Machine (with the default boot2docker machine), and I use docker-compose to set up my development environment.
Let's say that one of the containers is called "stack". Now what I want to do is call:
docker-compose run stack ssh [email protected]
My public key (which has been added to stackoverflow.com and which will be used to authenticate me) is located on the host machine. I want this key to be available to the Docker Machine container so that I will be able to authenticate myself against stackoverflow using that key from within the container. Preferably without physically copying my key to Docker Machine.
Is there any way to do this? Also, if my key is password protected, is there any way to unlock it once so after every injection I will not have to manually enter the password?
To share the SSH agent between your host machine and your Docker container, all you need to do is set an environment variable and a volume mount in your Docker setup. In the container, we're setting the environment variable SSH_AUTH_SOCK to the path /ssh-agent.
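The agent-sharing setup described above, written out as a docker-compose.yml for the "stack" service from the question. This is an added example, not part of the original answers; the image name is a placeholder, and it assumes the ssh-agent socket is reachable on the machine where the Docker daemon runs, because bind-mount source paths are resolved there.

```yaml
# Added example. Assumptions: service name "stack" comes from the question,
# the image name is a placeholder, and ssh-agent is running on the machine
# that hosts the Docker daemon.
version: '3.1'
services:
  stack:
    image: example/stack:latest    # placeholder: any image with an ssh client
    environment:
      # ssh inside the container reaches the agent through this path
      SSH_AUTH_SOCK: /ssh-agent
    volumes:
      # Compose substitutes ${SSH_AUTH_SOCK} from the shell it is started in,
      # so the agent's socket is mounted at /ssh-agent.
      - ${SSH_AUTH_SOCK}:/ssh-agent
      # Compare with mounting the key directory itself, which puts the
      # private key file inside the container:
      # - ~/.ssh:/root/.ssh

# Unlock the key once where the agent runs:  ssh-add ~/.ssh/id_rsa
# Check from the container:                  docker-compose run stack ssh-add -l
```

With this layout the container can ask the agent to sign with the key but never sees the key file, and the passphrase is entered once at ssh-add time rather than on every run.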
In order to inject your SSH key into a container, you have multiple solutions: Using a Dockerfile with the ADD instruction, you can inject it during your build process. Simply doing something like cat id_rsa | docker run -i <image> sh -c 'cat > /root/.ssh/id_rsa'
You can add this to your docker-compose.yml (assuming your user inside container is root):
volumes:
  - ~/.ssh:/root/.ssh
Also, you can check for a more advanced solution with the SSH agent (I have not tried it myself).
WARNING: This feature seems to have limited support in Docker Compose and is more designed for Docker Swarm.
(I haven't checked to make sure, but) My current impression is that:
See answer comments for more details.
Docker has a feature called secrets, which can be helpful here. To use it one could add the following code to docker-compose.yml:
---
version: '3.1' # Note the minimum file version for this feature to work
services:
  stack:
    ...
    secrets:
      - host_ssh_key

secrets:
  host_ssh_key:
    file: ~/.ssh/id_rsa
Then the new secret file can be accessed in Dockerfile like this:
RUN mkdir ~/.ssh && ln -s /run/secrets/host_ssh_key ~/.ssh/id_rsa
Secret files won't be copied into the container:
When you grant a newly-created or running service access to a secret, the decrypted secret is mounted into the container in an in-memory filesystem
For more details please refer to: