Docker secrets
SylverRat opened this issue · 5 comments
Any ideas how to use docker secrets with this?
This does not work for me:
```yaml
secrets:
  redis_password:
    file: $DOCKER/secrets/redis_password
services:
  redis:
    image: redis:latest
    container_name: redis
    hostname: redis
    restart: always
    command: ["bash", "-c", 'docker-entrypoint.sh --requirepass "$$(cat $$REDIS_PASSWORD_FILE)"']
    secrets:
      - redis_password
    volumes:
      - $DOCKER/redis/redis.conf:/usr/local/etc/redis/redis.conf
      - $DOCKER/redis/data:/data
    environment:
      - REDIS_PASSWORD_FILE=/run/secrets/redis_password
  phpredisadmin:
    image: erikdubbelboer/phpredisadmin:latest
    container_name: phpredisadmin
    hostname: phpredisadmin
    restart: unless-stopped
    depends_on:
      - redis
    secrets:
      - redis_password
    environment:
      - REDIS_1_HOST=redis
      - REDIS_1_AUTH_FILE=/run/secrets/redis_password
```
TIA,
I have never worked with Docker secrets before but it seems like they are only available through files.
A pull request to support `REDIS_1_AUTH_FILE` is welcome.
You would need to check here if `getenv($prefix . 'AUTH_FILE')` exists, and if it does set something like `$server_auth = file_get_contents(getenv($prefix . 'AUTH_FILE'));`.
I don't have any setup with Docker secrets to test this so I hope you can make a pull and test this?
One little prob, I don’t know, what I should do. 😅
But found this little snippet, maybe you could get something from it…
If you want to load a secrets file into an environment variable, the Official MySQL Docker Image has a solution for you.
See `docker_setup_env()` and `file_env()` functions in `docker-entrypoint.sh`

e.g. -

```
$ docker run --name some-mysql -e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql-root -d mysql:tag
```

Results in loading the contents of `/run/secrets/mysql-root` into `MYSQL_ROOT_PASSWORD`
```bash
# usage: file_env VAR [DEFAULT]
#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
	local var="$1"
	local fileVar="${var}_FILE"
	local def="${2:-}"
	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
		echo >&2 "error: both ${var} and ${fileVar} are set (but are mutually exclusive)"
		exit 1
	fi
	local val="$def"
	if [ "${!var:-}" ]; then
		val="${!var}"
	elif [ "${!fileVar:-}" ]; then
		val="$(< "${!fileVar}")"
	fi
	export "$var"="$val"
	unset "$fileVar"
}
```
I just released a new v1.17.3 version which should have support for this. Can you please check if it works for you?
Thank you!
Confirmed, works for me with the OP settings.
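
The `_FILE` convention discussed in this thread, sketched in PHP as an added example (not phpRedisAdmin's actual implementation; `resolve_secret()` is a hypothetical helper and the secret value is constructed). It keeps `file_env()`'s mutual-exclusion check and strips the trailing newline that secret files often end with, which `$(cat ...)` does implicitly in shell but `file_get_contents()` does not.

```php
<?php
// Added illustration only; resolve_secret() is a hypothetical helper name.

/**
 * Resolve a setting from NAME or NAME_FILE (the Docker secrets convention).
 * Returns null when neither is set; throws on a conflict or an unreadable file.
 * $env is injectable for testing; by default the process environment is used.
 */
function resolve_secret(string $name, ?array $env = null): ?string
{
    $env    = $env ?? getenv();               // getenv() with no args returns an array
    $direct = $env[$name] ?? '';
    $path   = $env[$name . '_FILE'] ?? '';

    // Same rule as file_env(): the two forms are mutually exclusive.
    if ($direct !== '' && $path !== '') {
        throw new RuntimeException("both {$name} and {$name}_FILE are set");
    }
    if ($direct !== '') {
        return $direct;
    }
    if ($path === '') {
        return null;                          // no auth configured
    }
    if (!is_file($path) || !is_readable($path)) {
        // Fail closed: never fall back to connecting without a password.
        throw new RuntimeException("{$name}_FILE does not point to a readable file");
    }
    $raw = file_get_contents($path);
    if ($raw === false) {
        throw new RuntimeException("could not read {$name}_FILE");
    }
    // A trailing newline would become part of the password sent to Redis.
    return rtrim($raw, "\r\n");
}

// Constructed demo: a temp file stands in for /run/secrets/redis_password.
$file = tempnam(sys_get_temp_dir(), 'secret');
file_put_contents($file, "constructed-example-password\n");
try {
    $auth = resolve_secret('REDIS_1_AUTH', ['REDIS_1_AUTH_FILE' => $file]);
    echo 'resolved length: ' . strlen($auth) . PHP_EOL;   // log the length, never the value
    resolve_secret('REDIS_1_AUTH', ['REDIS_1_AUTH' => 'x', 'REDIS_1_AUTH_FILE' => $file]);
} catch (RuntimeException $e) {
    fwrite(STDERR, 'config error: ' . $e->getMessage() . PHP_EOL);
} finally {
    unlink($file);
}
```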