docker-compose secrets without swarm
Ok, so all I had to do is to remove
    volumes:
      - ./postgres:/var/lib/postgresql/data
I'll try to figure out how to fix it, but essentially I answered my own question.
Here is a working example of docker-compose.yml file with secrets without using docker swarm:

    version: '3.1'

    services:
      postgres:
        image: postgres:9.4
        container_name: postgres
        environment:
          POSTGRES_USER: "db_user"
          POSTGRES_PASSWORD_FILE: /run/secrets/db_password
          POSTGRES_DB: "my_db"
        secrets:
          - db_password
        ports:
          - "8888:5432"

    secrets:
      db_password:
        file: ./POSTGRES_PASSWORD
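
Added example (not part of the original answer and not the postgres image's own entrypoint code): a POSIX shell sketch of the `*_FILE` convention that `POSTGRES_PASSWORD_FILE` relies on, showing why the variable holds a path while the password itself lives only in the mounted file. The function name `resolve_file_env`, its return codes and the sample secret value are assumptions made for this illustration.

```shell
#!/bin/sh
# resolve_file_env NAME prints the value for NAME, taken either from $NAME
# or from the file whose path is stored in ${NAME}_FILE.
# Return codes (hypothetical): 0 ok, 1 both set, 2 file unreadable, 3 bad name.
resolve_file_env() {
    _name=$1
    # Accept only plain variable names, because the name is passed to eval.
    case $_name in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "error: invalid variable name" >&2
            return 3 ;;
    esac
    eval "_direct=\${$_name:-}"
    eval "_path=\${${_name}_FILE:-}"
    # Setting both forms is ambiguous, so refuse rather than pick one.
    if [ -n "$_direct" ] && [ -n "$_path" ]; then
        echo "error: $_name and ${_name}_FILE are both set; use one" >&2
        return 1
    fi
    if [ -n "$_direct" ]; then
        printf '%s\n' "$_direct"
        return 0
    fi
    # Neither form set: print nothing and let the caller apply a default.
    [ -n "$_path" ] || return 0
    # The secret is a file mounted from the host, so the host file's owner
    # and mode decide whether the container user can read it.
    if [ ! -r "$_path" ]; then
        echo "error: cannot read $_path (check owner and mode of the host file)" >&2
        return 2
    fi
    # Callers capture this with $(...), which strips the trailing newline.
    cat "$_path"
}

# Constructed demo: a throwaway file stands in for /run/secrets/db_password.
demo_dir=$(mktemp -d)
printf 'example-password\n' > "$demo_dir/db_password"
POSTGRES_PASSWORD_FILE="$demo_dir/db_password"
echo "POSTGRES_PASSWORD_FILE holds a path: $POSTGRES_PASSWORD_FILE"
echo "resolved value length: $(resolve_file_env POSTGRES_PASSWORD | wc -c)"
rm -rf "$demo_dir"
unset POSTGRES_PASSWORD_FILE
```
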
Author: HereHere
Updated on June 04, 2022

Comments
- HereHere, almost 2 years:
  I don't want to use docker secrets with swarm and I discovered that it's possible to do that. Basically docker just mounts /run/secrets inside docker container, but when I enter the newly built docker container and do echo $POSTGRES_PASSWORD_FILE I get the path to my secret file.

      root@94a0f092eeb1:/# echo $POSTGRES_PASSWORD_FILE
      /run/secrets/db_password

  Here is my docker-compose.yml file:

      version: '3.1'

      services:
        postgres:
          image: postgres:9.4
          container_name: postgres
          environment:
            POSTGRES_USER: "db_user"
            POSTGRES_PASSWORD_FILE: /run/secrets/db_password
            POSTGRES_DB: "my_db"
          secrets:
            - db_password
          volumes:
            - ./postgres:/var/lib/postgresql/data
          expose:
            - 5432

      secrets:
        db_password:
          file: ./POSTGRES_PASSWORD.txt

  Is my password set correctly? Is there something wrong with my file?
- HereHere, about 5 years: @stackoverflowed: From security perspective, not too secure. Just wanted to know if it's possible to do all of this without docker swarm
- leszek.hanusz, almost 5 years: it also means that you can now push your docker-compose.yml in your git repo without your password in it
- trey-jones, over 4 years: I'm interested in the concept. It seems that the same could be accomplished through a .env file in .gitignore. The more interesting question is how to share these secrets with your team.
- Jinna Balu, almost 4 years: In all the examples I have gone through never found a sample for secret file for multiple secrets key-value pair. Is this a possibility for multiple parameters in one secret file?
- bfontaine, over 2 years: @JinnaBalu unless the image you’re using supports reading multiple parameters from one file / env variable, no.
- Jinna Balu, over 2 years: It should support
- slhck, about 2 years: This works but the local file has to have very broad permissions to ensure that the Postgres container user can read it. That defeats the purpose of making it secret.