I am using Docker, but not Swarm (or any other orchestration) for a project.
Is there a way to leverage Docker Secrets without Swarm?
Asked
Active
Viewed 8,561 times
2 Answers
3
You can use docker secrets a bit differently using docker-compose without having to use swarm. See this for the official documentation.
Example:
- Create a simple compose file like so,
version: "3.7"
services:
db:
image: mariadb:10.5.2
env_file:
- ./db.env
secrets:
- rootpass
- dbpass
- mysqldb
- mysqluser
restart: always
- Now add the following in the end
secrets:
rootpass:
file: /tmp/root_pass
dbpass:
file: /tmp/db_pass
mysqldb:
file: /tmp/mysql_db
mysqluser:
file: /tmp/mysql_user
- Inside those files, keep your password, username, database name etc. in plain text. Then simply deploy the containers
docker-compose up -d.
It's similar to how you define volumes and networks in a compose file.
Keep in mind that this isn't true secret implementation. Here's the github PR that added this feature, along with the main file if you're interested.
0
Regarding the documentation in https://hub.docker.com/_/mariadb?tab=description, your solution can be this:
version: "3.9"
services:
db:
image: mariadb:10.7
secrets:
- rootpass
- dbpass
- mysqldb
- mysqluser
environment:
MARIADB_ROOT_PASSWORD_FILE: /run/secrets/rootpass
MARIADB_DATABASE_FILE: /run/secrets/mysqldb
MARIADB_USER_FILE: /run/secrets/mysqluser
MARIADB_PASSWORD_FILE: /run/secrets/dbpass
restart: unless-stopped
ports:
- '3306:3306'
secrets:
rootpass:
file: ./cf/root_pass
dbpass:
file: ./cf/db_pass
mysqldb:
file: ./cf/mysql_db
mysqluser:
file: ./cf/mysql_user
Stefan Lasiewski
- 103
- 3
britodfbr
- 101