Add support for encrypted environment variables #908
Comments
|
Would it really be useful to share a fig file that only you can use? Why don't you just use environment keys (see http://www.fig.sh/yml.html#environment) and export the secrets on your host environment in the first place? 👎 |
|
Yes, this doesn't seem all that helpful. |
|
Other people on my team can use it, they just need to know the password. Environment files doesn't solve my problem of distributing secrets to my team members. I agree I can decrypt them in the container but then I need to do run-time munging of config files or write that facility into all my applications. |
|
At @scraperwiki we solve this using That way, to get the secrets in your environment, you just In your You can equally well substitute |
|
There is also #1534 which can possibly supersede this issue. |
|
Ya, I don't think The above comments outline some good ways to handle this without compose being involved. |
|
moby/moby#13490 (still open for now) is also an eye opener. There are even some issues with using the environment for secrets that I wasn't aware of. |
Allow users to encrypt environmental variables in their yaml configuration so they can still feel comfortable keeping them in version control. Would decrypt values transparently with a chosen environmental variable (like FIG_CRYPT_KEY) and provide users a helper command to generate encrypted values.
Only downside is you have to add pycrypto as a dependency.
The text was updated successfully, but these errors were encountered: