I am try to use secrets(from file - db_password.txt - content: root) in docker-compose.
->docker-compose -f compose-prod-replicaset.yml up --build --force-recreate
The secret is being mounted in "run/secrets/db_password" folder, normally; See that:
[0m total 8
[0m drwxr-xr-x 2 root root 4096 Apr 22 19:34 .
[0m drwxr-xr-x 1 root root 4096 Apr 22 19:34 ..
[0m -rwxrwxrwx 1 root root 4 Apr 22 17:24 db_password
However, when I have tried to use this secret as a environmental variable(db_password), the secret is being as its secret's path, in "plain text"(run/secrets/db_password);
My versions are:
- Docker version 20.10.13, build a224086
- docker-compose version 1.29.2, build 5becea4c
I have used the docker-compose to create a mongodb uri, as you can see the username is "root", BUT the password is being bind as "run/secrets/db_password". For example:
- mongodb://root:run/secrets/db_password@mongo1:27017/devtestdb?authSource=admin
version: "3.9"
networks:
api-net:
services:
mongo1:
container_name: mongo1
image: mongo:4.4.4
restart: always
ports:
- "27017:27017"
networks:
- api-net
volumes:
- ./db-test:/data/db
api:
container_name: api
image: pauloportfolio/api
build:
context: ../
dockerfile: ./docker/Dockerfile
args:
JAR_FILE: target/*.jar
ports:
- "8080:8080"
volumes:
- ./db-test:/data/db
depends_on:
- mongo1
networks:
- api-net
secrets:
- db_password
environment:
HOST_DB: mongo1
PORT_DB: 27017
AUTH_DB: admin
STD_DB: devtestdb
STD_USER: root
PASS_FILE: run/secrets/db_password
PORT_API: 8080
DEBUG_OPTIONS: -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005 -Xmx1G -Xms128m -XX:MaxMetaspaceSize=128m
secrets:
db_password:
file: ./db_password.txt
Please, any help is useful.
Thanks a lot
CodePudding user response:
If you want to load a secrets file into an environment variable, the Official MySQL Docker Image has a solution for you.
See docker_setup_env()
and file_env()
functions in docker-entrypoint.sh
e.g. -
$ docker run --name some-mysql -e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql-root -d mysql:tag
Results in loading the contents of /run/secrets/mysql-root
into MYSQL_ROOT_PASSWORD
CodePudding user response:
Might I recommend using an .env
file with docker-compose:
You can set default values for environment variables using a
.env
file, which Compose automatically looks for in project directory (parent folder of your Compose file). - Environment variables in Compose
# .env
MONGODB_PASSWORD=abc123
Then, you can pass the variable to the container.
# docker-compose.yml
...
services:
mongo1:
container_name: mongo1
image: mongo:4.4.4
environment:
- MONGODB_PASSWORD=$MONGODB_PASSWORD
restart: always
...
In your code, you will need to reference the ${MONGODB_PASSWORD}
environment variable.