Manage secret from file
Hi , Your docker images are awesome , but i want to know , if you project to add the management of file env. Like in mysql image mysql image . The final goal is to manage secret
For example, when launching a MySQL container you can set environment variables to:
-e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_password
The MYSQL_ROOT_PASSWORD environment variable will use the value from the file.
@teddy-dubal we don't current have plans to support value file for every env variable. However while it's not document for regular use, you can specify all / required environment variable values using an inputs file.
for instance with bitnami/mariadb image you can customize https://github.com/bitnami/bitnami-docker-mariadb/blob/master/10.1/rootfs/mariadb-inputs.json and mount it at the /mariadb-inputs.json of the container.
to give an example, edits https://github.com/bitnami/bitnami-docker-mariadb/blob/master/10.1/rootfs/mariadb-inputs.json to specifies the mariadb root password.
{
"allowEmptyPassword": "{{$global.env.ALLOW_EMPTY_PASSWORD}}",
"database": "{{$global.env.MARIADB_DATABASE}}",
"masterHost": "{{$global.env.MARIADB_MASTER_HOST}}",
"masterPort": "{{$global.env.MARIADB_MASTER_PORT_NUMBER}}",
"masterRootPassword": "{{$global.env.MARIADB_MASTER_ROOT_PASSWORD}}",
"masterRootUser": "{{$global.env.MARIADB_MASTER_ROOT_USER}}",
"password": "{{$global.env.MARIADB_PASSWORD}}",
"port": "{{$global.env.MARIADB_PORT_NUMBER}}",
"replicationMode": "{{$global.env.MARIADB_REPLICATION_MODE}}",
"replicationPassword": "{{$global.env.MARIADB_REPLICATION_PASSWORD}}",
"replicationUser": "{{$global.env.MARIADB_REPLICATION_USER}}",
"rootPassword": "secretrootpassword",
"rootUser": "{{$global.env.MARIADB_ROOT_USER}}",
"username": "{{$global.env.MARIADB_USER}}"
}
Launching the container like so will have the desired effect:
$ docker run -it --rm --name mariadb -e ALLOW_EMPTY_PASSWORD=yes -v $PWD/10.1/rootfs/mariadb-inputs.json:/mariadb-inputs.json bitnami/mariadb