In this step-by-step tutorial, learn how to create and use a Docker secret to help keep your data secure.
Secrets are a very important part of deploying containers and services because they encrypt passwords, API keys, certificates and other information you need to keep private within the container. If you were to store those credentials or other bits of information unencrypted within a container, anyone with the skills could hack in and do with that information what they will.
Fortunately, Docker makes it pretty easy to work with secrets. I will show how to create a secret from a file and then use that secret to deploy a service. All you’ll need to follow these steps is a running Docker Swarm, as secrets are only available to swarm services, not to standalone containers.
1. Create the secret file with a command like nano secrets.txt. In that file, add the secret you want it to house and then save and close the file.
2. Create the secret from the file with a command like docker secret create tr_secret /home/jack/secrets.txt. Be sure to sub in your Linux username instead of my name. You can verify the secret was created with the command docker secret inspect tr_secret.
3. We’ll deploy a service that uses the secret created from a file. The command for this might be like docker service create --name tr_test_service --secret tr_secret redis:alpine. The service should deploy using the encrypted secret you created from the file, and that encrypted file will be housed in the container in the /run/secrets/ directory and will have the same name as the secret you created.
You can delete the secrets file, and you’re done.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.
Jack Wallen is an award-winning writer for TechRepublic, The New Stack, and Linux New Media. He's covered a variety of topics for over twenty years and is an avid promoter of open source. For more news about Jack Wallen, visit his website jackwallen.com.
