Luis Hernandez
Developer
lhernandez@nearsoft.com
Managers - Workers
secret_name_x
Docker sends the secret to the swarm manager over a mutual TLS connection. The secret is stored in the Raft log, which is encrypted.
The decrypted secret is mounted into the container in an in-memory filesystem. The location of the mount point within the container defaults to /run/secrets/<secret_name>
docker secret create
docker secret inspect
docker secret ls
docker secret rm
--secret flag for docker service create
--secret-add and --secret-rm flags for docker service update
$ echo "This is a secret" | docker secret create my_secret_data -
$ docker service create --name redis --secret my_secret_data redis:alpine
$ docker service update --secret-rm my_secret_data redis