Feature request: allow `config.json` to be provided as a Docker secret.
- What's the feature?
Allow config.json to be provided as a Docker secret (by providing a new CLI parameter or environment variable).
- Extra information?
When using Docker Swarm, the most secure way to provide sensitive information to containers is using Docker secrets. Secrets are mounted into containers at the path /run/secrets/<name>. See the example here.
Using the Docker image, qmcgaw/ddns-updater, there is no way to create a Docker secret of config.json and reference it in the container at the path /run/secrets/....
I tried setting DATADIR=/run/secrets, but this doesn't work because the path is not writable for update.json.
In this scenario, I usually resort to modifying the container entrypoint logic to symlink/copy the secret file to the expected path before invoking the app. However, I'm unable to do that with this image because there is no shell available.
For this to be possible, this app/image would need to do at least one of the following:
- make a shell available in the image (so the user can override the entrypoint before invoking the app)
- make the app respect a parameter, e.g., `app --config-file /run/secrets/config.json`
- make the app respect an env var, e.g., `CONFIG_FILE=/run/secrets/config.json`
This would make the app/image more secure and also more portable since it could then rely on Docker secrets/volumes for config.json instead of a host-bind mount, eliminating the need to perform step 1 of the ddns-updater setup.
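
The following sketch is an added example, not part of the original request and not ddns-updater's own code. It shows how the read-only config path could be resolved separately from the writable `update.json` location; `--config-file` and `CONFIG_FILE` are the names proposed above, and `ResolvePaths`, `Paths` and the `./data` default are hypothetical.

```go
package main

import (
	"flag"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// Paths keeps the read-only config (possibly a Docker secret) apart from
// the state file the app must be able to write.
type Paths struct {
	Config  string // read only, e.g. /run/secrets/config.json
	Updates string // written by the app, stays under DATADIR
}

// ResolvePaths is hypothetical. Precedence: --config-file flag, then the
// CONFIG_FILE environment variable, then DATADIR/config.json.
func ResolvePaths(args []string, getenv func(string) string) (Paths, error) {
	fs := flag.NewFlagSet("app", flag.ContinueOnError)
	fs.SetOutput(io.Discard) // errors are returned, not printed
	configFlag := fs.String("config-file", "", "path to config.json")
	if err := fs.Parse(args); err != nil {
		return Paths{}, fmt.Errorf("parsing flags: %w", err)
	}
	dataDir := getenv("DATADIR")
	if dataDir == "" {
		dataDir = "./data" // constructed default for this example
	}
	// update.json never follows the config file into /run/secrets.
	p := Paths{Updates: filepath.Join(dataDir, "update.json")}
	switch {
	case *configFlag != "":
		p.Config = *configFlag
	case getenv("CONFIG_FILE") != "":
		p.Config = getenv("CONFIG_FILE")
	default:
		p.Config = filepath.Join(dataDir, "config.json")
	}
	return p, nil
}

func main() {
	p, err := ResolvePaths(os.Args[1:], os.Getenv)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Printf("config=%s updates=%s\n", p.Config, p.Updates)
}
```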