Managing Secrets in Docker Compose v3.1
Last Updated: 27 Aug, 2024
In modern application development, protecting sensitive information such as passwords, API keys, and certificates is a must. The challenge is to manage these secrets so that they are never disclosed in source code or version control, even in a containerized environment. Docker Compose v3.1 addressed this natively by adding secret management, which lets developers inject sensitive data into their containers in a way that is encrypted and isolated from the rest of the configuration. This article walks through working with secret values in Docker Compose v3.1: a no-nonsense guide to safely managing sensitive information in containerized applications.
Primary Terminologies
- Secrets: In Docker, secrets are pieces of sensitive data such as passwords, tokens, and certificates that are stored in encrypted form. They are kept securely and made available only to the services that legitimately need them, which limits unauthorized access. Because a secret is never baked into the Docker image from which a container is started, it cannot be recovered from that image.
- Docker Compose: A tool for defining and running multi-container Docker applications. In a docker-compose.yml file you define the services, networks, and volumes that make up an otherwise complex setup.
- Docker Swarm Mode: Docker's native clustering and orchestration. It lets you manage a cluster of Docker nodes, and secrets are distributed securely across the nodes of the swarm so that only the intended services can access them.
- YAML: A human-friendly data serialization standard widely used in configuration files. Docker Compose uses YAML to describe the configuration of services, docker networks, docker volumes, and secrets in a multi-container application.
- Environment variables: Variables passed to the container at runtime. In Docker Compose they can reference secrets, so that applications running inside the containers can access sensitive information without hardcoding it into the application code.
Step-by-Step Process for Managing Secret Values with Docker Compose v3.1
Step 1: Install Docker
Install Docker with the following command:
sudo yum -y install docker
Start and enable Docker with the following commands, then check its status:
sudo systemctl start docker
sudo systemctl enable docker
sudo systemctl status docker
Step 2: Install Docker Compose
sudo curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
Step 3: Enable Docker Swarm Mode
Before using secrets, ensure Docker Swarm mode is enabled on your Docker host. If you haven't already initialized Swarm mode, you can do so with the following command:
docker swarm init
Step 4: Create Docker Secrets
- Secrets must be created in Docker Swarm before they can be used in your Compose file. Secrets can be created from files or directly from strings.
docker secret create my_secret_key /path/to/my_secret_key.txt
docker secret create my_db_password /path/to/my_db_password.txt
Or create secrets directly from strings:
echo "my_secret_key_value" | docker secret create my_secret_key -
echo "my_db_password_value" | docker secret create my_db_password -
List the secrets that exist in the swarm with the following command:
docker secret ls
Step 5: Define Secrets in Docker Compose File
- In your docker-compose.yml file, define the secrets and specify which services should use them. The two secrets are declared as external because they were already created in the swarm in Step 4.
version: '3.1'
services:
  web:
    image: my_image:latest
    secrets:
      - my_secret_key
      - my_db_password
    deploy:
      replicas: 2
secrets:
  my_secret_key:
    external: true
  my_db_password:
    external: true
Step 6: Access Secrets in Your Application
Example in Python. Docker mounts each secret granted to a service as a file named after the secret under /run/secrets inside the container, so the application simply reads those files:
# Each secret is available at /run/secrets/<secret_name>
with open('/run/secrets/my_secret_key', 'r') as secret_file:
    secret_key = secret_file.read().strip()
with open('/run/secrets/my_db_password', 'r') as password_file:
    db_password = password_file.read().strip()
Step 7: Deploy Your Stack
Deploy the Docker Compose stack with the following command:
docker stack deploy -c docker-compose.yml my_stack
Step 8: Verify Secrets Usage
Ensure that the secrets are correctly mounted and used:
- List secrets: Confirm that the secrets are available in Docker:
docker secret ls
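As an added example that is not part of the original article, the helper below is a more defensive version of the Step 6 reader: it fails loudly at start-up if a secret is not mounted or is empty (a silent empty password is a common misconfiguration), removes only the single trailing newline that `echo ... | docker secret create -` appends rather than stripping all whitespace, and exposes a log-safe representation so the value is never printed. The SECRETS_DIR environment override and the redact helper are assumptions of this example, not Docker features.

```python
import os
import sys
from pathlib import Path

# Assumption of this example: SECRETS_DIR may be overridden through an
# environment variable so the helper can be exercised outside a container.
SECRETS_DIR = Path(os.environ.get("SECRETS_DIR", "/run/secrets"))


def read_secret(name, secrets_dir=SECRETS_DIR, max_bytes=64 * 1024):
    """Return the value of the Docker secret `name` mounted under `secrets_dir`.

    Only one trailing newline is removed (the one `echo ... | docker secret
    create -` appends), so a value that intentionally begins or ends with
    whitespace is preserved, unlike a blanket .strip(). A missing or empty
    secret raises instead of silently yielding '' as a password.
    """
    path = Path(secrets_dir) / name
    if not path.is_file():
        raise FileNotFoundError(f"secret {name!r} is not mounted at {path}")
    data = path.read_bytes()
    if len(data) > max_bytes:
        raise ValueError(f"secret {name!r} exceeds {max_bytes} bytes")
    if data.endswith(b"\n"):
        data = data[:-1]
    if not data:
        raise ValueError(f"secret {name!r} is empty")
    return data.decode("utf-8")


def load_secrets(names, secrets_dir=SECRETS_DIR):
    """Load all required secrets up front so a misconfigured stack fails at start-up."""
    return {name: read_secret(name, secrets_dir) for name in names}


def redact(value):
    """Log-safe representation: reveals only the length, never the content."""
    return f"<secret, {len(value)} chars>"


if __name__ == "__main__":
    try:
        secrets = load_secrets(["my_secret_key", "my_db_password"])
    except (FileNotFoundError, ValueError) as exc:
        sys.exit(f"startup aborted: {exc}")
    print("db password loaded:", redact(secrets["my_db_password"]))
```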
Conclusion
Docker Compose v3.1 provides a native way to manage secret values, and using it is good practice for securing sensitive information in containerized environments. With Docker's built-in support for secrets, developers can ensure that passwords, API keys, and other confidential data are stored encrypted and are accessible only to the services that need them. This not only improves the security of each service but also simplifies secret management itself and reduces the risk of accidentally exposing secrets in repositories or during deployment. As applications grow larger and more complex on top of the flexibility that containers provide, the secret management features of Docker Compose v3.1 will increasingly be part of keeping the development pipeline safe.