Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Experiment with using Docker Secrets (but not in Swarm mode) #119

Open
kowh-ai opened this issue Feb 6, 2024 · 4 comments
Open

Experiment with using Docker Secrets (but not in Swarm mode) #119

kowh-ai opened this issue Feb 6, 2024 · 4 comments

Comments

@kowh-ai
Copy link
Contributor

kowh-ai commented Feb 6, 2024

Following on from conversations with pwalsh I will investigate how using Docker secrets (while not in Docker Swarm mode) give's any advantage over the PR: #76

For reference:
https://docs.docker.com/compose/use-secrets/
https://gist.github.com/brianjbayer/966769aa0b00bb95b266827862dd511e
docker/compose#4368

@kowh-ai
Copy link
Contributor Author

kowh-ai commented Feb 7, 2024

  • Easy enough to get (local) secrets running
  • Creates "secret" files on the running container as /run/secrets/<secret name>
  • file content is in plain text

@pwalsh
Copy link
Member

pwalsh commented Feb 14, 2024

ok. so it means that, it is "as secure" as using environment variables, but, provides a seamless path to a secure implementation, if going from Compose to Swarm. That might not be very compelling unless we know people are using Docker Swarm.

@kowh-ai
Copy link
Contributor Author

kowh-ai commented Feb 14, 2024

Another alternative to using Swarm to just manage secrets in Docker Compose could be to investigate using an external Vault system to manage secrets in Docker Compose eg: Hashicorp Vault or Mozilla SOPS. If it's feasible then perhaps just a Howto Wiki Page in the ckan-docker repo would be helpful for people wanting a more secure Docker environment

@b-a0
Copy link

b-a0 commented Dec 26, 2024

Was there an update on this experiment?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants