Simon

Reputation: 1117

Docker /run/secrets is not mounted

I'm trying to provide credentials via secrets. I defined them:

$ docker secret ls
ID                          NAME                  DRIVER              CREATED             UPDATED
klsvqjji6bqymndpt3gp1n5na   mysql-password                            35 minutes ago      35 minutes ago
qpxtfsd2qcah35untcma5qb41   mysql-root-password                       34 minutes ago      34 minutes ago
mee647yty7uzlxnur1cmf7xg4   mysql-user                                35 minutes ago      35 minutes ago

... and I used them in docker-compose.yml file:

version: "3.3"

secrets:
  mysql-user:
    external: true
  mysql-password:
    external: true
  mysql-root-password:
    external: true

services:
   db:
    image: mariadb:10.4.5
    secrets:
      - mysql-user
      - mysql-password
      - mysql-root-password
    environment:
      MYSQL_USER: /run/secrets/mysql-user
      MYSQL_PASSWORD: /run/secrets/mysql-password
      MYSQL_ROOT_PASSWORD: /run/secrets/mysql-root-password

      MYSQL_DATABASE: db
    command: ls -l /run

docker-compose up command returns:

db_1  | total 16
db_1  | drwxrwxrwt 2 root  root  4096 May 15 14:06 lock
db_1  | drwxr-xr-x 2 root  root  4096 May 15 14:06 mount
db_1  | drwxrwxrwx 2 mysql mysql 4096 Jun  4 21:20 mysqld
db_1  | drwxr-xr-x 2 root  root  4096 May 15 21:20 systemd
db_1  | -rw-rw-r-- 1 root  utmp     0 May 15 14:06 utmp
db-security-test_db_1 exited with code 0

As you can see there is no secrets directory. Why? What did I miss?

Docker version is 19.03.3.

Docker Compose version is 1.14.1.

Upvotes: 1

Views: 2035

Answers (1)

Soumen Mukherjee

Reputation: 3262

You need to append _FILE to the env variables, causing the initialization script to load the values for those variables from files present in the container. In particular, this can be used to load passwords from Docker secrets stored in /run/secrets/ files. For example:

$ docker run --name some-mysql -e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql-root -d mariadb:tag

Currently, this is only supported for

  • MYSQL_ROOT_PASSWORD
  • MYSQL_ROOT_HOST
  • MYSQL_DATABASE
  • MYSQL_USER
  • MYSQL_PASSWORD

Upvotes: 1
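
The `_FILE` behaviour described in the answer above, as an added example that is not part of the original post and not the mariadb image's own entrypoint code. `resolve_secret_env` is a hypothetical helper sketching the convention, and the secret value and temporary path are constructed; it also shows that a plain variable set to a path is taken as the literal value.

```shell
#!/bin/sh
# Added sketch of the "_FILE" convention; resolve_secret_env is a hypothetical
# helper, not the mariadb image's entrypoint code.
resolve_secret_env() {
    name=$1
    # The name is passed to eval below, so accept plain identifiers only.
    case $name in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "invalid variable name: $name" >&2; return 2 ;;
    esac
    eval "direct=\${$name-}"
    eval "path=\${${name}_FILE-}"
    if [ -n "$direct" ] && [ -n "$path" ]; then
        echo "both $name and ${name}_FILE are set" >&2
        return 1
    fi
    if [ -n "$path" ]; then
        if [ ! -r "$path" ]; then
            echo "${name}_FILE is not readable: $path" >&2
            return 1
        fi
        direct=$(cat "$path")   # trailing newline is stripped
    fi
    eval "$name=\$direct"
    export "$name"
    unset "${name}_FILE"        # keep the path out of child environments
}

demo() {
    dir=$(mktemp -d)
    printf 'constructed-secret\n' > "$dir/mysql-password"  # constructed sample

    # As in the question: the variable holds a path, so the path is the value.
    unset MYSQL_PASSWORD_FILE
    MYSQL_PASSWORD=/run/secrets/mysql-password
    resolve_secret_env MYSQL_PASSWORD
    echo "MYSQL_PASSWORD      -> $MYSQL_PASSWORD"

    # As in the answer: the _FILE variable holds the path, the file holds the value.
    unset MYSQL_PASSWORD
    MYSQL_PASSWORD_FILE="$dir/mysql-password"
    resolve_secret_env MYSQL_PASSWORD
    echo "MYSQL_PASSWORD_FILE -> $MYSQL_PASSWORD"
    rm -rf "$dir"
}

demo
```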
