November 26, 20196 yr Hello everyone, I wanted to know if there is a way to deal with Dockers & Secrets. Since as you all know, setting in clear text db pwd, or root pwd,etc isn't a good idea I wanted to know how are you dealing with it and if it's possible to use secrets. If yes - how 🙂  Thanks
November 26, 20196 yr Just now, BRiT said: Secrets? 😕 Well, yeah, you weren't supposed to know! Shhh, try to keep it quiet so no one else finds out.  https://docs.docker.com/engine/swarm/secrets/
November 26, 20196 yr Author 17 minutes ago, Hoopster said: Well, yeah, you weren't supposed to know! Shhh, try to keep it quiet so no one else finds out. Â https://docs.docker.com/engine/swarm/secrets/ Yeah, there are also ways to use it outside of a swarn; but then you have an answer to my question? Cause I've checked more or less how it works with docker itself - but it's usable also with unraid? With templates? Â
November 26, 20196 yr 11 minutes ago, TDA said: but then you have an answer to my question? I am afraid I do not have an answer for you. I came across the concept of secrets when I was looking into some other facet of Docker a few months ago so I knew what you were talking about, but, I have seen no discussion of it relative to the Docker implementation in unRAID.  There is this note in the document I linked:  "Note: Docker secrets are only available to swarm services, not to standalone containers. To use this feature, consider adapting your container to run as a service. Stateful containers can typically run with a scale of 1 without changing the container code." Edited November 26, 20196 yr by Hoopster
November 26, 20196 yr Author Yeah I know they say it's only available inside a SWARM but it isn't. Now it could be that the secrets are held inside the docker itself, but it seems also not a so good idea: https://towardsdatascience.com/top-20-docker-security-tips-81c41dd06f57 But atleast from what I have found in my context (I've tried with MARIADB as an example), oviously the masterPWD is held by a variable... which obviously can be found with the inspection of the docker... bad For this reason I wanted to know how to secure this aspect. Â Edited November 26, 20196 yr by TDA
Archived
This topic is now archived and is closed to further replies.