@ronaldb
Last active April 7, 2024 04:29
Docker - Use secrets in a single node docker environment and mysql
version: "3.6"
services:
  my_sql:
    image: mysql:5.7
    volumes:
      - ./data:/var/lib/mysql
    secrets:
      - my_secret
    environment:
      MYSQL_ROOT_PASSWORD_FILE: /run/secrets/my_secret
      MYSQL_DATABASE: todos
  nodejs:
    image: node:8
    secrets:
      - my_secret
    environment:
      MYSQL_PASSWORD_FILE: /run/secrets/my_secret
secrets:
  my_secret:
    file: ./super_duper_secret.txt

const fs = require('fs');
// MYSQL_PASSWORD_FILE already holds the full path of the mounted secret
// (/run/secrets/my_secret), so no path prefix is needed here.
const passwd = fs.readFileSync(process.env.MYSQL_PASSWORD_FILE, 'utf8').trim();
console.log(passwd);

ronaldb commented Nov 25, 2019

The nodejs service will immediately exit, but the idea is to have it run sample-node.js.

@thomkaufmann

Thanks for this -- it was very helpful to see how it all comes together. But I don't think you need to include the whole path in line 3 of sample-node.js because it is included in the MYSQL_PASSWORD_FILE environment variable.


ronaldb commented Dec 6, 2019

It's definitely a work in progress! :) And you're absolutely correct (and I corrected it). This gist was really to capture what I've found as opposed to a working solution.


BoxOfCereal commented May 10, 2020

Thanks for the example! I really didn't want to use swarm for a single container. I notice this means super_duper_secret.txt is in the location run/secrets/<secret_name>. Does this mean if someone gains access to the container they also see the secrets?


ronaldb commented May 20, 2020

> Thanks for the example! I really didn't want to use swarm for a single container. I notice this means super_duper_secret.txt is in the location run/secrets/<secret_name>. Does this mean if someone gains access to the container they also see the secrets?

Yeah, I think once you're in the container you have access. Don't let them in... 😨

@barkhachoithani

I'm getting the error below while building.

ERROR: for secrets-poc_my_sql_1 Cannot create container for service my_sql: invalid mount config for type "bind": stat /home/user1/secrets-poc/super_duper_secret.txt: permission denied

ERROR: for my_sql Cannot create container for service my_sql: invalid mount config for type "bind": stat /home/user1/secrets-poc/super_duper_secret.txt: permission denied
ERROR: Encountered errors while bringing up the project.
Anything I am missing here?
