app icon indicating copy to clipboard operation
app copied to clipboard
verified publisher icon simple-login

allow Docker Secrets (eg; for db password)

Open Slevin90 opened this issue 1 year ago • 2 comments

Prerequisites

  • [ OK] I have searched open and closed issues to make sure that the bug has not yet been reported.

Bug report

the database password is visible in config > .env file in the DB_URI -variable

Expected behavior A safe method would be to use different variables (db_username, db_password, db_name) with support Docker Secrets same for other secrets that can be used in the config

also makes a cleaner conmpose-file where the password can be re-used in the postgres and simplelogin config

Slevin90 avatar Jun 17 '24 10:06 Slevin90

https://github.com/simple-login/simplelogin-postfix-docker/issues/9

similar as the simplelogin-postfix-docker did already

Slevin90 avatar Jun 17 '24 10:06 Slevin90

Even without secrets (which is swarm only and IMHO extremely unusable if you rotate secrets) and *_FILE support I would still never add passwords to the docker-compose file (which you usually want in you git repository. I just use env_file.

docker-compose.yml:

services:
  test:
    image: busybox:latest
    env_file:
      - .env

.env:

TEST_PASSWORD=password

docker compose config:

name: tmp
services:
  test:
    environment:
      TEST_PASSWORD: password
    image: busybox:latest
    networks:
      default: null
networks:
  default:
    name: tmp_default

The .env is just included in the folder where the stack sits but not included into your versioning system (they are usually part of the default .gitignore

Blizzke avatar Jul 29 '24 11:07 Blizzke