Add Docker Secrets Support #161
Conversation
Documentation Update Add more examples to the compose
|
What's the benefit of this over putting your sensitive data in |
docker-compose.yml
Outdated
| @@ -13,3 +24,30 @@ services: | |||
| environment: | |||
| # - EMAIL=foo@bar.org | |||
| # - NOTIFY='tgram://...' | |||
| # - NOTIFY_TITLE="Optional title for notifications" | |||
There was a problem hiding this comment.
Don't want another place to keep options in sync besides config.js and README.md.
Is this useful for some software to offer a template? (There's already some external Unraid template.)
There was a problem hiding this comment.
That is a good wish. I can remove them, but at least compose example should be copy-paste working, so that it contains basic needed data.
There is no clear benefit if I read documentation carefully before to do it 😵💫. I didn't know that this was supported, sorry for that. Probably that was caused by my own setup, I do share some Secrets across containers with docker secrets feature, so that I simply need to declare them additionally in a yaml file.
To be honest I do not like docker secrets implementation, rather as it is done in kubernetes - you declare secret, it is variable, not a file, that you need to read and import. |
| @@ -13,6 +13,34 @@ rm -f /fgc/data/browser/SingletonLock | |||
| # ls -l /tmp/.X11-unix/ | |||
| rm -f /tmp/.X1-lock | |||
|
|
|||
| # Check and export secrets to variables if exist | |||
| # Get list of VARIABLES with "_FILE" at the end | |||
| SECRETS_LIST=$(env | grep "_FILE") | |||
There was a problem hiding this comment.
I thought also to limit those to only credentials and add here whitelist, e.g. PASSWORD_FILE, EMAIL_FILE, OTP_FILE.
grep -E "PASSWORD_FILE|EMAIL_FILE|OTP_FILE"
Add non secrets example. Move to generic variables
Documentation Update
Add more examples to the compose
Now any Variable that set with
_FILEat the end will be treated as Docker Secret.