Docker Secrets

Currently reading
Docker Secrets

245
47
NAS
DS918+, DS414j
Operating system
  1. Linux
  2. Windows
  3. other
Mobile operating system
  1. Android
I'm trying to set up docker secrets
I've created a folder /volume2/docker/secrets with a secrets file DBPASS
I've confirmed I can see it and access it, however I get:
Code:
Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /volume2/docker/secrets/DPBASS
The bits from my docker compose:

Code:
########################### SECRETS
secrets:
    DBPASS:
        file: $SECRETSDIR/DPBASS


########################### SERVICES
services:
  joplin:
    image: joplin/server:latest
    container_name: joplin
    hostname: joplin
    secrets:
      - DBPASS
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/DBPASS

What have I done wrong?
Any help greatly appreciated.

I've since found out that this is no more secure than .env which I'm already using, however can't delete the thread.
 
Secrets are meant to be used with Docker Swarm. The only secrecy they provide, is that the content remains encrypted in the cluster state, which is replicated amongst the nodes. Once a secret is mounted as a file inside a container, it will be accessible from inside the container. Storing a secret in a file or in an environment variable is not realy the same. I have seen plenty of applications that provide endpoints ment for health checks, monitoring in general or for debugging that dump out the environment variables.

Docker swarm allows adding secrets using docker secret create and just reference them in a compose file. With docker compose deployments, they are not any better or in any way more secure than read-only binds.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

For the heck of it, I just checked again in docker container, and it announced an update was available. I...
Replies
4
Views
638
  • Question
Do realize, that enabling any user to run docker containers is largely the same as giving that user full...
Replies
6
Views
1,197
Hello, I already have it configured perfectly with wireguard. I was looking at the Gluetun configuration...
Replies
4
Views
823
Thanks... I tried something similar with rsync. The docker volume lived in...
Replies
7
Views
898
I can’t find any option to restore just the settings. 1710356648 Phew, managed to fix it. Within the...
Replies
4
Views
683
Good to hear. Deluge has not been updated for almost two years now as an app, nevertheless. But it gives...
Replies
12
Views
1,387
  • Question
Open an issue on that GitHub page. The developers will be glad to assist. OP has posted two threads on...
Replies
5
Views
1,334

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top