Instead of supplying the license id and key directly via environment variables (LICENSE_ID, LICENSE_KEY) it would be helpful to alternatively allow supplying them also as files to the container and map the contents of these files to the LICENSE_ID and LICENSE_KEY environment variables.
A solution could allow two additional environment variables like LICENSE_ID_FILE and LICENSE_KEY_FILE. The startup script maps the contents of the files specified by these variables to the LICENSE_ID and LICENSE_KEY variables.
Usage with docker secrets could then look like:
services:
app:
image: my-mendix-app:latest
secrets:
- license-id
- license-key
environment:
- LICENSE_ID_FILE=/run/secrets/license-id
- LICENSE_KEY_FILE=/run/secrets/license-key
secrets:
license-id:
file: ./license-id.txt
license-key:
file: ./license-key.txtAs stated by the docker compose documentation supplying sensitive information via environment variables my lead to unintentional information exposure, whereas secrets can only be accessed by services that have granted access explicitly via the secrets attribute in the config.
Instead of supplying the license id and key directly via environment variables (
LICENSE_ID,LICENSE_KEY) it would be helpful to alternatively allow supplying them also as files to the container and map the contents of these files to theLICENSE_IDandLICENSE_KEYenvironment variables.A solution could allow two additional environment variables like
LICENSE_ID_FILEandLICENSE_KEY_FILE. The startup script maps the contents of the files specified by these variables to theLICENSE_IDandLICENSE_KEYvariables.Usage with docker secrets could then look like:
As stated by the docker compose documentation supplying sensitive information via environment variables my lead to unintentional information exposure, whereas secrets can only be accessed by services that have granted access explicitly via the secrets attribute in the config.