docker-volume-backup
Use Swarm Secrets to receive AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
Currently the S3 documentation with the compose file reports:
    AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID} # Read AWS secrets from environment (or a .env file)
    AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
but a .env file is not supported with a Stack deployment over Swarm. Instead, Swarm implements Secrets, which would be a better solution for security purposes.
Use of them has to be implemented in the application, reading for example from /run/secrets/aws_access_key_id and /run/secrets/aws_secret_access_key, because secrets are not injectable directly from docker-stack.yml into the environment.
This makes sense.
Want to open a PR? 🙂
Ok I can, but I will need some time. 👍
Any progress on this?
No, sorry, very busy with other projects... at this point, if others want to open a PR, please
I think you do not need to alter the script but rather alter the readme.
I solved the problem by just creating the whole credentials file as a secret and referencing the actual file with the env var AWS_SHARED_CREDENTIALS_FILE. By the way, this is not only for secrets but also pretty useful for local environments, if you prefer not to store the credentials within the yml.
i.e.:
  backup:
    image: jareware/docker-volume-backup
    environment:
      AWS_S3_BUCKET_NAME: my-backup-bucket # S3 bucket which you own, and already exists
      AWS_SHARED_CREDENTIALS_FILE: /run/secrets/aws3_credentials
    secrets:
      # The secret must also be declared under the top-level secrets: key of the stack file
      - aws3_credentials
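
Added example, not from the thread or the project's scripts: the approach proposed in the issue, reading each credential from a Swarm secret file when the environment variable is not already set. The helper names load_secret and load_aws_credentials and the SECRETS_DIR override are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical helper, not part of docker-volume-backup.
# Directory where Swarm mounts secrets; overridable for local testing.
SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"

# load_secret VAR
# If VAR is unset or empty, populate it from $SECRETS_DIR/<var in lowercase>.
# A value already present in the environment is left untouched.
# Returns 0 if VAR ends up set, 1 if no value was found, 2 on a bad name.
load_secret() {
  var="$1"
  # Accept only plain variable names, because the name is passed to eval.
  case "$var" in
    ''|*[!A-Za-z0-9_]*|[0-9]*)
      echo "invalid variable name: $var" >&2
      return 2
      ;;
  esac
  eval "current=\${$var:-}"
  if [ -n "$current" ]; then
    return 0
  fi
  file="$SECRETS_DIR/$(printf '%s' "$var" | tr '[:upper:]' '[:lower:]')"
  if [ -r "$file" ]; then
    # Command substitution strips trailing newlines the secret file may carry.
    value="$(cat "$file")"
    [ -n "$value" ] || return 1
    export "$var=$value"
    return 0
  fi
  return 1
}

# Load both AWS credentials; fail if either one is missing so the
# backup does not start with half-configured access.
load_aws_credentials() {
  load_secret AWS_ACCESS_KEY_ID || return 1
  load_secret AWS_SECRET_ACCESS_KEY || return 1
}
```

Called early in a container entrypoint, load_aws_credentials leaves the existing environment-variable configuration working and only falls back to /run/secrets/aws_access_key_id and /run/secrets/aws_secret_access_key when the variables are absent.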