Utilizing Docker Secret

We often need to pass secrets such as passwords, keys, or other private values into our Docker containers. If we use the docker-compose tool to create our containers, we can simply put the secrets in environment variables in the docker-compose.yaml file. But if we share that configuration with others, they will see those secrets too. To overcome that issue, we can use a feature provided by Docker itself: Docker secrets, or simply secrets.

For instance, we want to build a container for the PostgreSQL database. The PostgreSQL image allows us to set a custom database password by providing a value for the POSTGRES_PASSWORD or POSTGRES_PASSWORD_FILE variable.

services:
  postgres:
    image: postgres
    environment:
      # A literal "$" is written as "$$" so Compose does not treat it as variable interpolation
      - POSTGRES_PASSWORD=$$3cureP4ssword

Or, we can use a Docker bind mount to place a file in the container and have the container read the secret from the mounted file.

services:
  postgres:
    image: postgres
    volumes:
      # Bind-mount the host file that holds the password into the container
      - /project/path/my_secret_file:/var/lib/postgresql/my_secret_file
    environment:
      - POSTGRES_PASSWORD_FILE=/var/lib/postgresql/my_secret_file

A secret works like a special volume mount with its own mechanism. First, we create a file in our project that contains the password for our database service, for example /project/path/my_secret_file. The file must contain only the password value, for example only "$3cureP4ssword". Then, just as with a volume mount, we add the secret definition and enable it for the service. The specified file automatically becomes available in the container in a special directory maintained by Docker, /run/secrets/. Lastly, we set the environment variable to point at the file in that directory.

services:
  postgres:
    image: postgres
    secrets:
      - the_secret_name
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/the_secret_name

secrets:
  the_secret_name:
    file: /project/path/my_secret_file
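
The three variants above can be told apart mechanically before a configuration is shared. The following is an added example, not code from the original post: a small policy check that flags inline secret values, `*_FILE` variables that do not point into /run/secrets/, and secrets that are referenced but not granted or declared. The service names, the `not_granted` secret and the finding labels are assumptions, and the sample is a constructed dict standing in for the parsed docker-compose.yaml.

```python
import re

# Constructed sample: the dict a YAML loader would return for a compose file
# mixing the page's three variants (inline value, bind mount, Docker secret).
COMPOSE = {
    "services": {
        "db_inline": {"image": "postgres", "environment": ["POSTGRES_PASSWORD=$3cureP4ssword"]},
        "db_bind": {"image": "postgres",
                    "volumes": ["/project/path/my_secret_file:/var/lib/postgresql/my_secret_file"],
                    "environment": ["POSTGRES_PASSWORD_FILE=/var/lib/postgresql/my_secret_file"]},
        "db_secret": {"image": "postgres",
                      "secrets": ["the_secret_name"],
                      "environment": {"POSTGRES_PASSWORD_FILE": "/run/secrets/the_secret_name"}},
        "db_broken": {"image": "postgres",  # hypothetical: secret referenced but never granted
                      "environment": ["POSTGRES_PASSWORD_FILE=/run/secrets/not_granted"]},
    },
    "secrets": {"the_secret_name": {"file": "/project/path/my_secret_file"}},
}

SENSITIVE = re.compile(r"PASSWORD|SECRET|TOKEN|KEY", re.I)

def env_items(service):
    """Normalise the list form (- K=V) and the mapping form (K: V) of environment."""
    env = service.get("environment") or {}
    if isinstance(env, dict):
        return [(k, "" if v is None else str(v)) for k, v in env.items()]
    return [tuple(e.split("=", 1)) if "=" in e else (e, "") for e in env]

def audit(compose):
    """Return (service, variable, finding) tuples for secret-handling problems."""
    declared = set(compose.get("secrets") or {})
    findings = []
    for name, svc in (compose.get("services") or {}).items():
        # Secrets can be granted in short form ("name") or long form ({"source": "name"}).
        granted = {s if isinstance(s, str) else s.get("source") for s in svc.get("secrets", [])}
        for key, value in env_items(svc):
            if not SENSITIVE.search(key):
                continue
            secret = value.removeprefix("/run/secrets/")
            if not key.endswith("_FILE"):
                problem = "inline-secret" if value else None
            elif secret == value:
                problem = "file-outside-run-secrets"
            elif secret not in granted:
                problem = "secret-not-granted"
            else:
                problem = None if secret in declared else "secret-not-declared"
            if problem:
                findings.append((name, key, problem))
    return findings
```

Only the `db_secret` service, which follows the final pattern above, passes without a finding.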
