Docker Secrets

Currently reading
Docker Secrets

245
47
NAS
DS918+, DS414j
Operating system
  1. Linux
  2. Windows
  3. other
Mobile operating system
  1. Android
I'm trying to set up docker secrets
I've created a folder /volume2/docker/secrets with a secrets file DBPASS
I've confirmed I can see it and access it, however I get:
Code:
Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /volume2/docker/secrets/DPBASS
The bits from my docker compose:

Code:
########################### SECRETS
secrets:
    DBPASS:
        file: $SECRETSDIR/DPBASS


########################### SERVICES
services:
  joplin:
    image: joplin/server:latest
    container_name: joplin
    hostname: joplin
    secrets:
      - DBPASS
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/DBPASS

What have I done wrong?
Any help greatly appreciated.

I've since found out that this is no more secure than .env which I'm already using, however can't delete the thread.
 
Secrets are meant to be used with Docker Swarm. The only secrecy they provide, is that the content remains encrypted in the cluster state, which is replicated amongst the nodes. Once a secret is mounted as a file inside a container, it will be accessible from inside the container. Storing a secret in a file or in an environment variable is not realy the same. I have seen plenty of applications that provide endpoints ment for health checks, monitoring in general or for debugging that dump out the environment variables.

Docker swarm allows adding secrets using docker secret create and just reference them in a compose file. With docker compose deployments, they are not any better or in any way more secure than read-only binds.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

I can’t find any option to restore just the settings. 1710356648 Phew, managed to fix it. Within the...
Replies
4
Views
401
Good to hear. Deluge has not been updated for almost two years now as an app, nevertheless. But it gives...
Replies
12
Views
967
  • Question
Open an issue on that GitHub page. The developers will be glad to assist. OP has posted two threads on...
Replies
5
Views
965
I'm happy with email notifications but in v0.3.3 of dockcheck the author added apprise notifications...
Replies
4
Views
1,043
I am also trying to setup a Z-wave USB dongle and am getting stuck after following the same steps as...
Replies
1
Views
1,035
How did you create the Portainer container in first place? As in exact docker run commands or in case...
Replies
7
Views
1,241
Looks like I triggered you somehow with my post: it was not my intention. I have no idea whether bash or...
Replies
4
Views
1,536

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top