-
-
Save ronaldb/d4b3d3327a5f80bfd12d748ca0ae91ae to your computer and use it in GitHub Desktop.
version: "3.6" | |
services: | |
my_sql: | |
image: mysql:5.7 | |
volumes: | |
- ./data:/var/lib/mysql | |
secrets: | |
- my_secret | |
environment: | |
MYSQL_ROOT_PASSWORD_FILE: /run/secrets/my_secret | |
MYSQL_DATABASE: todos | |
nodejs: | |
image: node:8 | |
secrets: | |
- my_secret | |
environment: | |
MYSQL_PASSWORD_FILE: /run/secrets/my_secret | |
secrets: | |
my_secret: | |
file: ./super_duper_secret.txt |
const fs = require('fs'); | |
passwd = fs.readFileSync(process.env.MYSQL_PASSWORD_FILE, 'utf8').trim(); | |
console.log(passwd); |
Thanks for this -- it was very helpful to see how it all comes together. But I don't think you need to include the whole path in line 3 of sample-node.js because it is included in the MYSQL_PASSWORD_FILE environment variable.
It's definitely a work in progress! :) And you're absolutely correct (and I corrected it). This gist was really to capture what I've found as opposed to a working solution.
Thanks for the example! I really didn't want to use swarm for a single container. I notice this means super_duper_secret.txt is in the location run/secrets/<secret_name>. Does this mean if someone gains access to the container they also see the secrets?
Thanks for the example! I really didn't want to use swarm for a single container. I notice this means super_duper_secret.txt is in the location run/secrets/<secret_name>. Does this mean if someone gains access to the container they also see the secrets?
Yeah, I think once you're in the container you have access. Don't let them in... 😨
I'm getting below error while building.
ERROR: for secrets-poc_my_sql_1 Cannot create container for service my_sql: invalid mount config for type "bind": stat /home/user1/secrets-poc/super_duper_secret.txt: permission denied
ERROR: for my_sql Cannot create container for service my_sql: invalid mount config for type "bind": stat /home/user1/secrets-poc/super_duper_secret.txt: permission denied
ERROR: Encountered errors while bringing up the project.
Anything I am missing here?
The nodejs service will immediately exit, but the idea is to have it run sample-node.js.