WealthWizardsEngineering/kube-vault-auth-init

remove variables after they have been exported

Closed this issue · 1 comments

Hi,

Thanks for your work.
It works well, but I would like to know whether there is a way to remove the variables from the container after they are exported.
For security purposes, I don't think it's a good idea to leave them all. Someone could easily exec into the container and get all the secrets.

Cheers

Hi, thanks for your query.

You could change the Docker command from the example in the README to remove the file after sourcing it, something like:

command: ["/bin/sh", "-c", "source /env/variables; rm /env/variables; ./run-my-app.sh"]

However, we've not considered this to be a big risk, as the secrets exist within the container's environment anyway. So if untrusted parties can exec into the container, then there's potential for them to access those secrets too.
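
An added illustration of the point made in the reply above (not code from the project or from either participant): it runs the same source-then-rm sequence against a temporary file and reports what the application process still holds afterwards. The variable name `DB_PASSWORD`, its value, and the `export NAME=value` file format are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo: after "source; rm; run app", where do the secrets still live?
# Assumption: the variables file consists of `export NAME=value` lines.

check_after_rm() {
    dir=$(mktemp -d) || return 2
    # Constructed sample value, not a real credential.
    printf 'export DB_PASSWORD=constructed-demo-value\n' > "$dir/variables"

    # Stand-in for ./run-my-app.sh: reports what the app process inherited.
    app='echo "env=${DB_PASSWORD:-unset}"
if [ -r "/proc/$$/environ" ]; then
    # On Linux the initial environment of a process stays readable here
    # for the same user for as long as the process runs.
    tr "\0" "\n" < "/proc/$$/environ" | grep -q "^DB_PASSWORD=" \
        && echo "proc=present" || echo "proc=absent"
fi'

    # Same order of operations as the suggested container command
    # (`.` is the POSIX spelling of `source`).
    result=$(cd "$dir" && sh -c '. ./variables; rm ./variables
        [ -e ./variables ] && echo file=present || echo file=gone
        sh -c "$1"' _ "$app")

    rm -rf "$dir"
    printf '%s\n' "$result"
}

check_after_rm
```

The file is reported as gone while the value is still present in the application's environment, so deleting the file only removes the on-disk copy.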