Skip to main content

Utilizing Docker Secret

It likely happens that we need to provide some secrets like passwords, keys, or private things into our Docker containers. If we use the docker-compose tool to generate our containers, we basically can put the secrets as environment variables in the docker-compose.yaml file. But, what if we want to share our configuration with the others, they will find those secrets too. So, for overcoming that issue, we can utilize a feature provided by Docker itself which is the Docker secret, or we can just call it secret.

For instance, we want to build a container for the PostgreSQL database. The PostgreSQL image allows us to set a custom database password by providing a value for the POSTGRES_PASSWORD or POSTGRES_PASSWORD_FILE variable.

services:
  postgres:
    image: postgres
    environment:
      - POSTGRES_PASSWORD=$3cureP4ssword

Or, we can utilize the Docker bind-mounting to store a file and instruct the Docker to read the secret information from the mounted file.

services:
  services:
    postgres:
      image: postgres
      volumes:
        - /project/path/my_secret_file:/var/lib/postgresql/my_secret_file
      environment:
        - POSTGRES_PASSWORD_FILE=/var/lib/postgresql/my_secret_file

Secret works like a special volume-mounting with a unique mechanism. First, we create a file in our project that contains a password for our database service. For example, it is stored in the /project/path/my_secret_file file. The file must contain only the password value, for example, it contains only "$3cureP4ssword". Then, it's just like a volume-mounting, we set the secret definition and enable it for the service. The specified file will be automatically available in the container in a special directory maintained by Docker which is located in the /run/secrets/ directory. Lastly, we set the environment variable to use the value stored in the deployed directory.

services:
  postgres:
    image: postgres
    secrets:
      - the_secret_name
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/the_secret_name

secrets:
  the_secret_name:
    file: /project/path/my_secret_file

Comments

Popular posts from this blog

Setting Up Next.js Project With ESLint, Typescript, and AirBnB Configuration

If we initiate a Next.js project using the  create-next-app tool, our project will be included with ESLint configuration that we can apply using yarn run lint . By default, the tool installs eslint-config-next and extends next/core-web-vitals in the ESLint configuration. The Next.js configuration has been integrated with linting rules for React and several other libraries and tools. yarn create next-app --typescript For additional configuration such as AirBnB, it is also possible. First, we need to install the peer dependencies of eslint-config-airbnb . We also add support for Typescript using eslint-config-airbnb-typescript . yarn add --dev eslint-config-airbnb eslint-plugin-import eslint-plugin-jsx-a11y eslint-plugin-react eslint-plugin-react-hooks yarn add --dev eslint-config-airbnb-typescript @typescript-eslint/eslint-plugin @typescript-eslint/parser After that, we can update the .eslintrc.json file for the new configuration. { "extends": [ "airb

Rangkaian Sensor Infrared dengan Photo Dioda

Keunggulan photodioda dibandingkan LDR adalah photodioda lebih tidak rentan terhadap noise karena hanya menerima sinar infrared, sedangkan LDR menerima seluruh cahaya yang ada termasuk infrared. Rangkaian yang akan kita gunakan adalah seperti gambar di bawah ini. Pada saat intensitas Infrared yang diterima Photodiode besar maka tahanan Photodiode menjadi kecil, sedangkan jika intensitas Infrared yang diterima Photodiode kecil maka tahanan yang dimiliki photodiode besar. Jika  tahanan photodiode kecil  maka tegangan  V- akan kecil . Misal tahanan photodiode mengecil menjadi 10kOhm. Maka dengan teorema pembagi tegangan: V- = Rrx/(Rrx + R2) x Vcc V- = 10 / (10+10) x Vcc V- = (1/2) x 5 Volt V- = 2.5 Volt Sedangkan jika  tahanan photodiode besar  maka tegangan  V- akan besar  (mendekati nilai Vcc). Misal tahanan photodiode menjadi 150kOhm. Maka dengan teorema pembagi tegangan: V- = Rrx/(Rrx + R2) x Vcc V- = 150 / (150+10) x Vcc V- = (150/160) x 5

Kerusakan pada Motherboard

1. Sering terjadi hang memory tidak cocok --- ganti memory ada virus di harddisk --- scan harddisk over clock --- seting kembali clock prosesor ada bad sector di harddisk --- partisi harddisk dengan benar 2. Pembacaan data menjadi lambat memori tidak cukup --- tambah memori harddisk penuh atau ada virus --- kurangi isi harddisk, scan harddisk, atau ganti hardisk 3. CMOS failure baterai habis --- ganti baterai CMOS seting BIOS berubah --- seting kembali BIOS 4. Tidak bisa booting cache memory rusak --- disable eksternal cache memory di BIOS memori tidak cocok --- ganti memori boot sector pada harddisk rusak --- masukkan operating system baru ada bad sector pada trek awal harddisk --- partisi harddisk 5. Suara bip panjang berkali-kali memori rusak --- periksa kedudukan memori memori tidak cocok --- ganti memori memori tidak masuk slot dengan sempurna --- periksa kembali kedudukan memori 6. Suara bip bagus tetapi tidak ada tampilan / bip dua kali VGA card

Raspberry Pi Bluetooth Connection

Raspberry Pi 3 provides a built-in Bluetooth module. The latest Raspbian has been bundled with tools for enabling Bluetooth connection. The Bluetooth icon will be shown up on the top right corner of the desktop. It's a tool to discover available Bluetooth devices and connect Pi with Bluetooth devices. It is easy to connect any Bluetooth-enabled electronic device with Pi. But, sometimes Pi will fail to connect, especially for Bluetooth device that has no standardized services. From a terminal, we can use the  bluetoothctl tool to scan and connect with a Bluetooth device. You should make sure that the BlueZ protocol stack has been installed by running $ apt-get install bluez Run bluetoothctl to enter the tool command window Turn the power on by running power on (Optional) You can set AutoEnable=true in /etc/bluetooth/main.conf if you want to make the Bluetooth auto power-on after reboot. Run devices to see which devices have been paired Run scan on if your desired d

Pemrograman Paralel dengan CUDA

CUDA ( Compute Unified Device Architecture ) adalah suatu skema yang dibuat oleh NVIDIA agar NVIDIA selaku GPU ( Graphic Processing Unit ) mampu melakukan komputasi tidak hanya untuk pengolahan grafis namun juga untuk tujuan umum. Jadi, dengan CUDA, kita dapat memanfaatkan cukup banyak  processor  yang dimiliki oleh NVIDIA untuk berbagai perhitungan. GPU yang ada  saat ini seperti ATI pun sudah memiliki banyak processor di dalamnya. Pada ATI, skema yang mereka bangun disebut ATI Stream. Saat ini pemrograman paralel menjadi sangat penting karena kebutuhan kemampuan komputasi komputer yang terus meningkat seperti kemampuan multitasking  dan pengolahan grafis yang andal. Metode saat ini dalam peningkatan peforma komputer juga berbeda dengan masa lampau dimana peningkatan clock  dari processor  yang diutamakan. Peningkatan clock  juga dibatasi oleh kemampuan fisik dari perangkat digital yaitu persoalan daya dan panas. Pada 2005 berbagai industri komputer mulai menawakan komputer den

Itachi Uchiha

The Real Hero of Konoha