-
-
Notifications
You must be signed in to change notification settings - Fork 159
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Docker Secrets Support #161
base: main
Are you sure you want to change the base?
Conversation
Documentation Update Add more examples to the compose
What's the benefit of this over putting your sensitive data in |
docker-compose.yml
Outdated
@@ -13,3 +24,30 @@ services: | |||
environment: | |||
# - [email protected] | |||
# - NOTIFY='tgram://...' | |||
# - NOTIFY_TITLE="Optional title for notifications" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't want another place to keep options in sync besides config.js
and README.md
.
Is this useful for some software to offer a template? (There's already some external Unraid template.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That is a good wish. I can remove them, but at least compose example should be copy-paste working, so that it contains basic needed data.
There is no clear benefit if I read documentation carefully before to do it 😵💫. I didn't know that this was supported, sorry for that. Probably that was caused by my own setup, I do share some Secrets across containers with docker secrets feature, so that I simply need to declare them additionally in a yaml file.
To be honest I do not like docker secrets implementation, rather as it is done in kubernetes - you declare secret, it is variable, not a file, that you need to read and import. |
@@ -13,6 +13,34 @@ rm -f /fgc/data/browser/SingletonLock | |||
# ls -l /tmp/.X11-unix/ | |||
rm -f /tmp/.X1-lock | |||
|
|||
# Check and export secrets to variables if exist | |||
# Get list of VARIABLES with "_FILE" at the end | |||
SECRETS_LIST=$(env | grep "_FILE") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought also to limit those to only credentials and add here whitelist, e.g. PASSWORD_FILE
, EMAIL_FILE
, OTP_FILE
.
grep -E "PASSWORD_FILE|EMAIL_FILE|OTP_FILE"
Add non secrets example. Move to generic variables
Documentation Update
Add more examples to the compose
Now any Variable that set with
_FILE
at the end will be treated as Docker Secret.