N. L
Reputation: 55
Accessing sensitive user credentials in entrypoint.sh of docker
Trying to create a few Airflow connections and executing the command in entrypoint.sh file which is passed as entrypoint file in the dockerfile.
As these database credentials are very sensitive, is it possible that we store them securely in kubernetes or any other place on GCP and based on the local, staging or production we' populate them in the entrypoint.sh?
Upvotes: 1
Views: 395
Answers (1)
yogesh kunjir
Reputation: 274
You can store them as kubernetes secret and mount them as an environment variable that will be accessible by entrypoint.sh
Remember kubernetes secret just encode secret as base64 otherwise you can use sealed secrets.
apiVersion: v1
kind: Pod
metadata:
name: secret-env-pod
spec:
containers:
- name: mycontainer
image: redis
env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: mysecret
key: username
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
name: mysecret
key: password
restartPolicy: Never
Upvotes: 2
Related Questions
- How can I pass secret data to a container
- Consume secret inside dockerfile
- Access Google Cloud service account credentials on Container OS inside Docker Container
- How to provide credentials for Docker commands without first using `docker login`?
- Google Kubernetes Get Credentials
- Passing Google service account credentials to Docker
- How to send sensitive data to docker container during run time
- Pass along user credentials in Docker
- Populating Docker containers with sensitive information using kubernetes
- Docker Security issue around ENTRYPOINT