Dino Geek, try to help you

How to use Docker secret to store sensitive information?


Docker secret is a feature in Docker Swarm Mode that allows you to securely store sensitive information, such as passwords or API keys, in a way that they can be accessed by your services without exposing them in the container’s stack configuration file or Docker Compose file.

Here’s a step by step guide:

1. Initialize Docker Swarm mode: Docker secrets are only available in Docker Swarm mode. You can initialize it by running the command `docker swarm init` in the terminal.

1. Create a Docker Secret: Once the swarm mode is active, you can create a Docker Secret using the Docker CLI.

For instance, to create a secret for a password one could type:

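`echo "my_password" | docker secret create my_password_secret -`

This command reads the string ‘my_password’ from standard input (the trailing `-`) and stores it as a secret named ‘my_password_secret’. Note that `echo` appends a newline, which becomes part of the stored secret.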

1. Apply the Secret: This secret can now be applied to a service with the `docker service create` command.

For example:

`docker service create --name my_service --secret my_password_secret my_image`

In this example, the secret ‘my_password_secret’ is added to the service ‘my_service’. At runtime, Docker mounts a tmpfs filesystem at /run/secrets/ in the containers that run the service tasks. The secret is placed at /run/secrets/my_password_secret and can be used by the service without being exposed in the service's configuration.

1. Access Secret inside the container: The secrets are now stored inside the container at the location /run/secrets/. If you have a secret named ‘my_secret’, you can access it at the location /run/secrets/my_secret. This can be done directly in your code.

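1. Update/Rotate Secrets: Docker secrets are immutable, so the Docker CLI has no command that updates one in place. To rotate a secret, create a new secret as in step 2 (named ‘my_password_secret_v2’ here as an example) and swap it into the service with `docker service update`:

`docker service update --secret-rm my_password_secret --secret-add source=my_password_secret_v2,target=my_password_secret my_service`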

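1. Remove a secret: When a secret is no longer needed, it can be removed with `docker secret rm` (an alias of `docker secret remove`). Docker refuses to remove a secret that is still in use by a service.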

`docker secret rm my_password_secret`

Remember to replace “my_password”, “my_password_secret”, “my_service”, “my_image” with your actual password, secret name, service name and image respectively.

Ensure that any sensitive information isn’t logged or output during the execution of an application using these secrets.
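One way to read the mounted secret from application code (step 4) without leaking it through logs or error messages. This is an added example, not part of the original article; the helper names `read_secret` and `SecretError` are hypothetical, and the secret is assumed to be UTF-8 text.

```python
import os
import tempfile
from pathlib import Path

SECRETS_DIR = Path("/run/secrets")  # where Swarm mounts secrets in the container


class SecretError(Exception):
    """Error whose message names the secret but never contains its value."""


def read_secret(name: str, secrets_dir: Path = SECRETS_DIR) -> str:
    # Accept only a plain file name, so a name taken from configuration
    # cannot walk out of the secrets directory.
    if not name or name in (".", "..") or name != os.path.basename(name):
        raise SecretError(f"invalid secret name: {name!r}")
    try:
        raw = (secrets_dir / name).read_bytes()
    except FileNotFoundError:
        raise SecretError(f"secret {name!r} is not attached to this service") from None
    except OSError as exc:
        raise SecretError(f"cannot read secret {name!r}: {exc.strerror}") from None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        # Do not re-raise the original error: its message quotes secret bytes.
        raise SecretError(f"secret {name!r} is not valid UTF-8") from None
    # `echo "..." | docker secret create` stores a trailing newline; drop it.
    value = text.rstrip("\r\n")
    if not value:
        raise SecretError(f"secret {name!r} is empty")
    return value


def demo() -> str:
    # Constructed stand-in for /run/secrets so the example runs outside Swarm.
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "my_password_secret").write_bytes(b"my_password\n")
        value = read_secret("my_password_secret", Path(tmp))
        # Log that the secret loaded, never the value itself.
        print("secret 'my_password_secret' loaded")
        return value


if __name__ == "__main__":
    demo()
```
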

