Secrets are an important part of deploying containers and services because they encrypt passwords, API keys, certificates and other information you need to keep private within the container. If you were to store those credentials or other bits of information unencrypted within a container, anyone with the skills to break in could do with that information what they will.
Fortunately, Docker makes it pretty easy to work with secrets. I will show how to create a secret from a file and then use that secret to deploy a service. All you’ll need to follow these steps is a running Docker Swarm, as secrets are only available to swarm services, not to standalone containers.
1. Create the secret file with a command like:
    nano secrets.txt
In that file, add the secret you want it to house and then save and close the file.
2. Create the secret from the file with a command like:
    docker secret create tr_secret /home/jack/secrets.txt
Be sure to sub in your Linux username instead of my name. You can verify the secret was created with the command:
    docker secret inspect tr_secret
3. We’ll deploy a service that uses the secret created from a file. The command for this might be like:
    docker service create --name tr_test_service --secret tr_secret redis:alpine
The service should deploy using the encrypted secret you created from the file, and that encrypted file will be housed in the container in the /run/secrets/ directory and will have the same name as the secret you created.
You can delete the secrets file, and you’re done.
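Once the service is running, its entrypoint still has to read the secret from /run/secrets/. The helper below is an added example, not code from the original article; read_secret and SECRETS_DIR are hypothetical names, and the sample value is constructed.

```shell
#!/bin/sh
# Added example: entrypoint helper that loads a swarm secret from the
# /run/secrets/ directory described in step 3.
# SECRETS_DIR is a hypothetical override so the function can be run
# outside a container; inside one, leave it at the default.
SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"

# read_secret NAME -> prints the secret value on stdout.
# Returns 2 for an unsafe name, 3 if the secret is not mounted,
# 4 if the mounted file is empty.
read_secret() {
    name="$1"
    # Reject empty names and anything that could escape SECRETS_DIR.
    case "$name" in
        ''|.|..|*/*) echo "read_secret: invalid name" >&2; return 2 ;;
    esac
    path="$SECRETS_DIR/$name"
    if [ ! -f "$path" ] || [ ! -r "$path" ]; then
        echo "read_secret: $name is not mounted" >&2; return 3
    fi
    # Command substitution drops trailing newlines, so the newline that
    # an editor such as nano appends to secrets.txt does not become
    # part of the credential.
    value="$(cat "$path")"
    if [ -z "$value" ]; then
        echo "read_secret: $name is empty" >&2; return 4
    fi
    printf '%s' "$value"
}

# Constructed demo: a temporary directory stands in for /run/secrets,
# and the file ends with a newline the way an editor would save it.
(
    SECRETS_DIR="$(mktemp -d)"
    printf 'example-password\n' > "$SECRETS_DIR/tr_secret"
    password="$(read_secret tr_secret)" || exit 1
    echo "loaded tr_secret (${#password} characters)"
    rm -rf "$SECRETS_DIR"
)
```

In a real entrypoint, call it as password="$(read_secret tr_secret)" || exit 1 so the container stops when the secret was never attached to the service.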
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.