Last active
July 23, 2017 23:30
-
-
Save toast38coza/ab3e11a5f0f73604b768939011f1f609 to your computer and use it in GitHub Desktop.
Secrets with docker-compose
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "This is a secret" | docker secret create my_secret_data - |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| version: '3' | |
| services: | |
| someapp: | |
| image: python:3.6 | |
| command: python3 -m http.server | |
| deploy: | |
| replicas: 1 | |
| placement: | |
| constraints: | |
| - node.role == manager | |
| secrets: | |
| - source: my_secret_data | |
| environment: | |
| - MY_SECRET_DATA_FILE: /run/secrets/my_secret_data | |
| secrets: | |
| my_secret_data: | |
| external: true |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| os.environ.get('MY_SECRET_DATA') \ | |
| or open(os.environ.get('MY_SECRET_DATA_FILE')).read() | |
| >> 'This is a secret\n' | |
| # or read them all: | |
| [{f: open('/run/secrets/{}'.format(f)).read().rstrip()} for f in os.listdir('/run/secrets')] | |
| >> [{'foo': 'bar'}, {'my_secret_data': 'This is a secret'}] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment