Merge pull request #1027 from infosiftr/postgres-secrets

Add a "Docker Secrets" section to PostgreSQL too
2017-10-04 10:09:30 -07:00 · 2017-10-04 10:09:30 -07:00 · 8e00481f00
parent e7eb8d02d7 be60045c28
commit 8e00481f00
1 changed files with 10 additions and 0 deletions
--- a/postgres/content.md
+++ b/postgres/content.md
@ -76,6 +76,16 @@ This optional environment variable can be used to send arguments to `postgres in

 This optional environment variable can be used to define another location for the Postgres transaction log. By default the transaction log is stored in a subdirectory of the main Postgres data folder (`PGDATA`). Sometimes it can be desireable to store the transaction log in a different directory which may be backed by storage with different performance or reliability characteristics.

+## Docker Secrets
+
+As an alternative to passing sensitive information via environment variables, `_FILE` may be appended to the previously listed environment variables, causing the initialization script to load the values for those variables from files present in the container. In particular, this can be used to load passwords from Docker secrets stored in `/run/secrets/<secret_name>` files. For example:
+
+```console
+$ docker run --name some-postgres -e POSTGRES_PASSWORD_FILE=/run/secrets/postgres-passwd -d postgres
+```
+
+Currently, this is only supported for `POSTGRES_INITDB_ARGS`, `POSTGRES_PASSWORD`, `POSTGRES_USER`, and `POSTGRES_DB`.
+
 ## Arbitrary `--user` Notes

 As of [docker-library/postgres#253](https://github.com/docker-library/postgres/pull/253), this image supports running as a (mostly) arbitrary user via `--user` on `docker run`.