Docker Secrets
Luis Hernandez
Developer
lhernandez@nearsoft.com
Docker Swarm
Cluster management features applied to Docker containers.
Managers - Workers
Docker Service
A process to run in your swarm environment (manager - nodes).
What is a 'secret'?
Sensitive data used across your containers.
Abstraction Layer for credentials.
Test, production, development env
secret_name_x
Managing secrets in docker.
Creating a secret
Docker sends the secret to the swarm manager over a mutual TLS connection. The secret is stored in the Raft log, which is encrypted.
Grant access to a secret
The decrypted secret is mounted into the container in an in-memory filesystem. The location of the mount point within the container defaults to /run/secrets/<secret_name>
docker secret commands
docker secret create
docker secret inspect
docker secret ls
docker secret rm
--secret flag for docker service create
--secret-add and --secret-rm flags for docker service update
Example
Creating a secret
$ echo "This is a secret" | docker secret create my_secret_data -
Creating a service and granting access to a secret
$ docker service create --name redis --secret my_secret_data redis:alpine
Removing access to a secret
$ docker service update --secret-rm my_secret_data redis
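Reading the secret inside the container
The helper below is an added example, not part of the original slides: it shows how an entrypoint script in the service could read my_secret_data from the /run/secrets/<secret_name> mount and fail cleanly once access is removed. The read_secret and demo function names and the optional directory argument (used to simulate the mount outside a container) are assumptions.

```shell
#!/bin/sh
# Added example: container-side helper for reading a Docker secret.
# Usage: read_secret <secret_name> [secrets_dir]
# secrets_dir is an assumed test hook; it defaults to /run/secrets.

read_secret() {
    rs_name=$1
    rs_dir=${2:-/run/secrets}

    # Reject empty names and anything that could leave the secrets dir.
    case $rs_name in
        ''|*/*|.|..)
            echo "invalid secret name" >&2
            return 2
            ;;
    esac

    rs_file=$rs_dir/$rs_name
    # After `docker service update --secret-rm`, new tasks no longer
    # get the file, so treat a missing file as "access not granted".
    if [ ! -f "$rs_file" ] || [ ! -r "$rs_file" ]; then
        echo "secret '$rs_name' is not available to this service" >&2
        return 1
    fi

    # Command substitution strips the trailing newline that
    # `echo "..." | docker secret create <name> -` stores with the value.
    rs_value=$(cat "$rs_file") || return 1
    printf '%s' "$rs_value"
}

# Constructed demo: a temporary directory stands in for /run/secrets.
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf 'This is a secret\n' > "$demo_dir/my_secret_data"
    demo_rc=0
    read_secret my_secret_data "$demo_dir" || demo_rc=$?
    rm -rf "$demo_dir"
    return $demo_rc
}
```

Keep the value in a shell variable or pass it straight to the program that needs it; exporting it as an environment variable makes it visible in docker inspect output and to child processes.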
Thanks!