Commit caaa4e3

📝 (Secrets) Mention secrets files created by swarm or k8s
1 parent 0f28c39 commit caaa4e3

1 file changed, +14 -4 lines changed
docs/docs/04_docker_intro/04_in_depth_docker_tutorial/README.md

Lines changed: 14 additions & 4 deletions
@@ -132,7 +132,7 @@ Then create your containers and pass the network to them. For example, this star
132132
docker run -d \
133133
--network network-name --network-alias mysql --platform linux/amd64 \
134134
-v todo-mysql-data:/var/lib/mysql \
135-
-e MYSQL_ROOT_PASSWORD=secret \
135+
-e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password \
136136
-e MYSQL_DATABASE=todos \
137137
mysql:5.7
138138
```
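
Review bot: The `docker run` command now points `MYSQL_ROOT_PASSWORD_FILE` at `/run/secrets/mysql_root_password`, but nothing in the command puts a file at that path: the only mount is `-v todo-mysql-data:/var/lib/mysql`. Plain `docker run` does not attach Swarm secrets (those are attached to services), so as written the container has no file to read there. Either add a read-only bind mount of a local password file onto that path (for example `-v "$PWD/mysql_root_password.txt:/run/secrets/mysql_root_password:ro"`, where the local file name is hypothetical), or state next to the command that it only works once an orchestrator supplies the secret.
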
@@ -145,12 +145,22 @@ docker run -dp 3000:3000 \
145145
--network network-name \
146146
-e MYSQL_HOST=mysql \
147147
-e MYSQL_USER=root \
148-
-e MYSQL_PASSWORD=secret \
148+
-e MYSQL_PASSWORD_FILE=/run/secrets/mysql_password \
149149
-e MYSQL_DB=todos \
150150
node:12-alpine \
151151
sh -c "npm install && npm run dev"
152152
```
153153

154+
:::caution
155+
In these I'm not passing the MySQL password directly as an environment variable. Instead, I'm passing the path to a file that contains the password.
156+
157+
That file is created by your Docker orchestration framework's secrets management system. That's a mouthful to say: you define the secret in your orchestration framework, and the framework creates a file which contains the password. That way, the password isn't stored in the environment which is a bit unsafe.
158+
159+
Your application (or, in this case, MySQL), would have to read the contents of the image to find the password.
160+
161+
More info on this when we learn about deploying our app in production!
162+
:::
163+
154164
## How to run multiple containers using Docker Compose
155165

156166
1. Create a `docker-compose.yml` file in the root of your project.
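
Review bot: In the added caution, new line 159 says the application "would have to read the contents of the image to find the password"; this should read "the contents of the file", since the password lives in the mounted secret file and not in the image. In the same hunk, the app connects with `MYSQL_USER=root` but reads `/run/secrets/mysql_password`, while the database container reads `/run/secrets/mysql_root_password`, so one account ends up with two secret names. Use the same secret in both commands, or say explicitly that both files must hold the same value. "In these" on new line 155 would also be clearer as "In these commands".
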
@@ -172,15 +182,15 @@ services:
172182
environment:
173183
MYSQL_HOST: mysql
174184
MYSQL_USER: root
175-
MYSQL_PASSWORD: secret
185+
MYSQL_PASSWORD_FILE: /run/secrets/mysql_password
176186
MYSQL_DB: todos
177187
mysql:
178188
image: mysql:5.7
179189
platform: linux/amd64
180190
volumes:
181191
- todo-mysql-data:/var/lib/mysql
182192
environment:
183-
MYSQL_ROOT_PASSWORD: secret
193+
MYSQL_ROOT_PASSWORD_FILE: /run/secrets/mysql_root_password
184194
MYSQL_DATABASE: todos
185195

186196
volumes:
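
Review bot: Both services now reference files under `/run/secrets/`, but the commit adds no `secrets:` definitions to the Compose file: all 14 added lines are visible on this page and none of them declares a secret. Compose only mounts `/run/secrets/<name>` for secrets that are declared in a top-level `secrets:` section and granted to the service through its own `secrets:` key, so a reader who follows the tutorial with this `docker-compose.yml` gets neither file. Add a top-level `secrets:` block defining `mysql_password` and `mysql_root_password` (with `file:` sources for local use) and a `secrets:` list under each service, or note in the tutorial that these definitions come in the later production chapter and that the file is not runnable until then.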
