
Secrets handling via entrypoint

Open mabeett opened this issue 1 year ago • 2 comments

Secrets files handled only in the entrypoint, converted during initial execution.

Fixes #1148

mabeett avatar Aug 18 '24 19:08 mabeett

If you export all secret values as env, they would also show up in the containers definition etc. again in cleartext.

J0WI avatar Sep 18 '24 20:09 J0WI

If you export all secret values as env, they would also show up in the containers definition etc. again in cleartext.

What do you mean? The variable is exported in the entrypoint. When I checked it a month ago I could not get the variable value via docker inspect running_container.

I see. This snippet with a debian image container:

$ docker run --name test --rm -it debian
root@9cd023377043:/# export CHECK=gotcha
root@9cd023377043:/# env |  grep got
CHECK=gotcha
root@9cd023377043:/#

In another shell:

$ docker inspect test | jq . | grep gotc
$ echo $?
1
$ docker inspect test | jq '.[0].Config.Env[] ' -r
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
$

mabeett avatar Sep 20 '24 17:09 mabeett
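
An added example, not code from this pull request or from the project: a sketch of the kind of entrypoint helper the thread discusses, which turns a `*_FILE` secret into an exported variable at startup. The names `load_secret`, `child_sees`, `DB_PASSWORD` and `DB_PASSWORD_FILE` are hypothetical; the demo shows that a value exported this way is inherited by every process started from the entrypoint, even though it was never part of the environment passed at container creation.

```shell
#!/bin/sh
# load_secret VAR (hypothetical helper): if VAR_FILE names a readable file,
# export VAR with the file's contents and drop VAR_FILE.
load_secret() {
    var=$1
    # The name is passed to eval below, so accept plain identifiers only.
    case $var in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "invalid name: $var" >&2; return 2 ;;
    esac
    eval "value=\${$var-}; file=\${${var}_FILE-}"
    rc=0
    if [ -n "$value" ] && [ -n "$file" ]; then
        # Refuse ambiguous configuration instead of silently picking one.
        echo "both $var and ${var}_FILE are set" >&2; rc=1
    elif [ -n "$file" ] && [ ! -r "$file" ]; then
        echo "cannot read $file" >&2; rc=1
    elif [ -n "$file" ]; then
        value=$(cat "$file")      # command substitution strips the trailing newline
        export "$var=$value"
        unset "${var}_FILE"
    fi
    unset value file              # do not keep a second copy in the shell
    return $rc
}

# child_sees VAR: print VAR as a freshly started child process sees it.
child_sees() {
    sh -c 'printenv "$1"' sh "$1"
}

# Constructed demo: a temp file stands in for a mounted secret file.
demo_dir=$(mktemp -d)
printf 'gotcha\n' > "$demo_dir/db_password"
unset DB_PASSWORD
DB_PASSWORD_FILE=$demo_dir/db_password
load_secret DB_PASSWORD
echo "child process sees: $(child_sees DB_PASSWORD)"
rm -rf "$demo_dir"
```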