Docker Swarm

Cluster Management features applied to docker containers.

Managers - Workers

Docker sERVICE

Process to run accordingly in your swarm environment ( manager - nodes)

WHAT IS A 'SECREt'?

sENSITIVE DATA USED ACROSS YOUR CONTAINERS.

Abstraction Layer for credentials.

Test, pRODUCTION, DEVELPMENT ENV

secret_name_x

Managing secrets in docker.

Creating a secret

Docker sends the secret to the swarm manager over a mutual TLS connection. The secret is stored in the Raft log, which is encrypted.

Grant access to a secret

The decrypted secret is mounted into the container in an in-memory filesystem. The location of the mount point within the container defaults to /run/secrets/<secret_name>

docker secret commands

docker secret create

docker secret inspect

docker secret ls

docker secret rm

--secret flag for docker service create

--secret-add and --secret-rm flags for docker service update

Example

Creating a secret

$ echo "This is a secret" | docker secret create my_secret_data -

Creating a Service and grant access to secret

$ docker service  create --name redis --secret my_secret_data redis:alpine

rEMOVING ACCESS TO A secret

$ docker service update --secret-rm my_secret_data redis