Security [SOLVED]: Is there a more secure way to pass variables to a docker container than via env


  • #36294

    Anonymous

    Question

    I’m experimenting with docker containers. More precisely, I use docker-compose. I need to pass variables to my container and use an .env file for that. While that works, it makes me wonder how secure it is. I mean every scripting language has access to env and therefore any hack in the running application could expose sensitive data stored in env. I want to store data like db passwords.

    Inspired by salt, I am looking for a way to safely pass my variables into my application template before building the container, instead of passing them into the env of the container. How could one achieve this?

    #36295

    Anonymous

    Accepted Answer

    There’s an alternative using Docker Swarm called Docker secrets. A swarm allows you to have a cluster of docker engine nodes and you can create a one machine cluster if you wish. Basically you can use secrets that are stored in the Docker Swarm cluster that can be used when a service (a service will deploy tasks using containers in your cluster) is deployed in your cluster.

    Docker secrets are explained here and you can even use them in your compose files. You have a nice example for your environment variables here.

    I use docker secrets to store Amazon S3 credentials that are used inside my containers.

    Source: https://serverfault.com/questions/888532/is-there-a-more-secure-way-to-pass-variables-to-a-docker-container-than-via-env
    Author: Miguel A. C.
    Creative Commons License
    This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
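
The application side of the Docker secrets approach from the accepted answer, as an added example that is not part of the original post: it reads a secret from the file Docker mounts under `/run/secrets` and refuses to run if the same value is also present in the environment. The secret name `db_password`, the `example/app` image, the `<NAME>_FILE` override and the `read_secret` helper are assumptions made for illustration.

```python
"""Added example: load a Docker secret inside the container.

Compose fragment this assumes (all names hypothetical):

    services:
      app:
        image: example/app        # placeholder image
        secrets: [db_password]
    secrets:
      db_password:
        external: true            # created with `docker secret create`
"""
import os
from pathlib import Path

SECRETS_DIR = Path("/run/secrets")  # where Docker mounts service secrets


class SecretError(RuntimeError):
    """Raised when a secret is missing, empty, or exposed via env."""


def read_secret(name, secrets_dir=SECRETS_DIR, environ=None):
    """Return the secret from its mounted file, never from a plain env var."""
    environ = os.environ if environ is None else environ
    if not name or Path(name).name != name or name == "..":
        raise SecretError(f"invalid secret name: {name!r}")
    if name.upper() in environ:
        # Policy of this example: a copy in env defeats the point of secrets.
        raise SecretError(f"{name.upper()} must not be set in the environment")
    # <NAME>_FILE may carry a path to the secret file, not the secret itself.
    path = Path(environ.get(f"{name.upper()}_FILE") or Path(secrets_dir) / name)
    try:
        value = path.read_text(encoding="utf-8")
    except OSError as exc:
        raise SecretError(f"secret {name!r} not readable at {path}") from exc
    value = value.rstrip("\r\n")  # files written with `echo` end in a newline
    if not value:
        raise SecretError(f"secret {name!r} is empty")
    return value


if __name__ == "__main__":
    try:
        print("db_password loaded:", bool(read_secret("db_password")))
    except SecretError as err:
        print("refusing to start:", err)
```

The value still lives in the process memory of the application once read, so the gain over `.env` is that it no longer appears in the container's environment, which child processes inherit and `docker inspect` displays.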
