Create A Docker Secret With User Prompt
Docker is a popular platform to package software into so-called containers. Each container is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries, and settings. The Docker engine is available for many operating systems, including Linux and Windows. Since Docker 1.13, you can use Docker secrets to manage sensitive data that a container needs at runtime. Examples are usernames, passwords, and API keys.
Docker secrets are a feature of Docker Swarm. The secrets are stored in an encrypted Raft log and are replicated across the other swarm nodes, if any. When you grant a newly created or running service access to a secret, the decrypted secret is mounted into the container in an in-memory filesystem. The location of the mount point within the container defaults to /run/secrets/<secret_name> in Linux containers. Docker-secret is a Unix shell script that reads the data for a Docker secret from a user prompt. This prevents sensitive data from being visible in the console logs.
The project uses the following core software components:
- Docker - Container platform (including Swarm)
Docker-secret works on any machine capable of running a standard Unix shell. The host needs to have Docker installed and needs to be initialized as Docker Swarm manager.
Docker-secret can be invoked from the Unix shell command line as follows:

```
./create_secret.sh [OPTIONS] SECRET
```

SECRET is the name of the Docker Secret. The script supports the following options. All options are passed to docker secret create.
| Option | Alias | Argument | Description |
|---|---|---|---|
| -d | --driver | string | Secret driver |
| -l | --label | list | Secret labels |
| -d | --template-driver | string | Template driver |
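
The prompt-then-pipe approach described above, as an added example that is not the project's own create_secret.sh: the value is read with terminal echo off and handed to `docker secret create` on stdin. The function names `prompt_secret` and `create_secret` and the sample secret name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the project's create_secret.sh.

# prompt_secret PROMPT: show PROMPT on stderr, read one line from stdin with
# terminal echo off, and write the value to stdout without a newline.
prompt_secret() {
    printf '%s' "$1" >&2
    if [ -t 0 ]; then
        saved_tty=$(stty -g)
        # Restore the terminal if the prompt is interrupted.
        trap 'stty "$saved_tty"; exit 130' INT TERM
        stty -echo
    fi
    IFS= read -r value || true
    if [ -t 0 ]; then
        stty "$saved_tty"
        trap - INT TERM
        printf '\n' >&2
    fi
    printf '%s' "$value"
}

# create_secret [OPTIONS] SECRET: every argument is handed to
# `docker secret create`; the trailing "-" makes docker read the value from
# stdin. printf is a builtin in bash and dash, so the value is not placed on
# any process command line or in the shell history.
create_secret() {
    if [ "$#" -lt 1 ]; then
        echo "Usage: create_secret [OPTIONS] SECRET" >&2
        return 2
    fi
    secret_value=$(prompt_secret "Enter value for the secret: ") || return 1
    if [ -z "$secret_value" ]; then
        echo "Empty value, no secret created" >&2
        return 1
    fi
    printf '%s' "$secret_value" | docker secret create "$@" -
    status=$?
    unset secret_value
    return "$status"
}

# Example invocation on a swarm manager (constructed names):
#   create_secret --label env=prod db_password
```
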
- Clone the repository and create a new branch
  ```
  $ git clone https://github.com/markdumay/docker-secret.git
  $ cd docker-secret && git checkout -b name_for_new_branch
  ```
- Make and test the changes
- Submit a Pull Request with a comprehensive description of the changes
Docker-secret is inspired by the following code snippet:
Copyright © Mark Dumay
