TDA (posted November 26, 2019):

Hello everyone,

I wanted to know if there is a way to deal with Dockers & Secrets. Since, as you all know, setting the db pwd, or root pwd, etc. in clear text isn't a good idea, I wanted to know how you are dealing with it and if it's possible to use secrets. If yes - how 🙂

Thanks

Hoopster (posted November 26, 2019):

Just now, BRiT said:
Secrets? 😕

Well, yeah, you weren't supposed to know! Shhh, try to keep it quiet so no one else finds out.

https://docs.docker.com/engine/swarm/secrets/

TDA (posted November 26, 2019):

17 minutes ago, Hoopster said:
Well, yeah, you weren't supposed to know! Shhh, try to keep it quiet so no one else finds out.
https://docs.docker.com/engine/swarm/secrets/

Yeah, there are also ways to use it outside of a swarm; but then you have an answer to my question?

Cause I've checked more or less how it works with docker itself - but it's usable also with unraid? With templates?

Hoopster (posted November 26, 2019, edited):

11 minutes ago, TDA said:
but then you have an answer to my question?

I am afraid I do not have an answer for you. I came across the concept of secrets when I was looking into some other facet of Docker a few months ago so I knew what you were talking about, but, I have seen no discussion of it relative to the Docker implementation in unRAID.

There is this note in the document I linked:

"Note: Docker secrets are only available to swarm services, not to standalone containers. To use this feature, consider adapting your container to run as a service. Stateful containers can typically run with a scale of 1 without changing the container code."

TDA (posted November 26, 2019, edited):

Yeah, I know they say it's only available inside a SWARM but it isn't.

Now it could be that the secrets are held inside the docker itself, but that also seems not such a good idea: https://towardsdatascience.com/top-20-docker-security-tips-81c41dd06f57

But at least from what I have found in my context (I've tried with MARIADB as an example), obviously the masterPWD is held by a variable... which obviously can be found with the inspection of the docker... bad.

For this reason I wanted to know how to secure this aspect.

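Added example, not part of any post in this thread and not Unraid's or Docker's own code: an entrypoint helper in POSIX shell that takes a secret from a mounted file named by `NAME_FILE` instead of from `NAME`, so that only a path, not the password, appears in the container's inspected environment. The variable name `DB_ROOT_PASSWORD`, the function `resolve_secret` and the paths in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical names): the "_FILE" pattern for container secrets.
# Instead of   -e DB_ROOT_PASSWORD=<clear text>      (visible in `docker inspect`)
# start with   -v /host/secrets/db_root_pw:/run/secrets/db_root_pw:ro \
#              -e DB_ROOT_PASSWORD_FILE=/run/secrets/db_root_pw
# (constructed paths) so the inspected environment only holds the file path.

# resolve_secret NAME
#   Prints the secret on stdout. Exit status:
#   0 ok, 1 invalid name, 2 both NAME and NAME_FILE set,
#   3 NAME_FILE not a readable regular file, 4 nothing provided.
# The body runs in a subshell, so its variables never leak to the caller.
resolve_secret() (
    name="$1"
    # Only accept a plain identifier: the name is passed to eval below.
    case "$name" in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "error: invalid variable name" >&2; exit 1 ;;
    esac
    eval "value=\${$name:-}"
    eval "path=\${${name}_FILE:-}"

    if [ -n "$value" ] && [ -n "$path" ]; then
        # Refuse ambiguous configuration instead of silently picking one.
        echo "error: both $name and ${name}_FILE are set" >&2; exit 2
    fi
    if [ -n "$path" ]; then
        if [ ! -f "$path" ] || [ ! -r "$path" ]; then
            echo "error: ${name}_FILE is not a readable file: $path" >&2; exit 3
        fi
        # Command substitution drops the trailing newline editors append.
        value="$(cat "$path")"
    fi
    if [ -z "$value" ]; then
        echo "error: neither $name nor ${name}_FILE provides a value" >&2; exit 4
    fi
    printf '%s' "$value"
)

# Typical use inside an entrypoint (kept as a comment so sourcing has no side effects):
#   DB_ROOT_PASSWORD="$(resolve_secret DB_ROOT_PASSWORD)" || exit 1
#   unset DB_ROOT_PASSWORD_FILE
```

The secret file on the host still needs restrictive ownership and permissions, since anyone who can read it or exec into the container can read the value.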