docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Link to docker secret CLI and docker secret compose information (#2993) 

* Link to docker secret CLI and docker secret compose information

* changes to improve description
This commit is contained in:
Steven Hanna 2017-04-24 12:55:21 -04:00 committed by Joao Fernandes
parent 54ff1fe33c
commit 08c99cc625
2 changed files with 70 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
datacenter/ucp/2.1/guides/user/secrets/index.md
View File

@ -132,7 +132,7 @@ Since secrets are immutable in the sense that you cannot change the data
they store after they are created, we can use the following process to achieve they store after they are created, we can use the following process to achieve
this: this:
1. Create a new service with a different password 1. Create a new secret with a different password
2. Update all the services that are using the old secret to use the new one 2. Update all the services that are using the old secret to use the new one
instead instead
3. Delete the old secret 3. Delete the old secret
@ -173,6 +173,10 @@ the file with the content of `wordpress-password-v2` be mounted in
Then do the same thing for the WordPress service. After this is done, the Then do the same thing for the WordPress service. After this is done, the
WordPress application is running and using the new password. WordPress application is running and using the new password.
## Managing secrets through the CLI
You can find additional documentation on managing secrets through the CLI at [How Docker manages secrets](/engine/swarm/secrets/#read-more-about-docker-secret-commands).
## Where to go next ## Where to go next
[Grant access to secrets](grant-revoke-access.md) [Grant access to secrets](grant-revoke-access.md)

65
engine/swarm/secrets.md
View File

@ -846,3 +846,68 @@ the information from a Docker-managed secret instead of being passed directly.
>**Note**: Docker secrets do not set environment variables directly. This was a >**Note**: Docker secrets do not set environment variables directly. This was a
conscious decision, because environment variables can unintentionally be leaked conscious decision, because environment variables can unintentionally be leaked
between containers (for instance, if you use `--link`). between containers (for instance, if you use `--link`).
## Use Secrets in Compose
```
version: '3.1'
services:
db:
image: mysql:latest
volumes:
- db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD_FILE: /run/secrets/db_password
secrets:
- db_root_password
- db_password
wordpress:
depends_on:
- db
image: wordpress:latest
ports:
- "8000:80"
restart: always
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password
secrets:
- db_password
secrets:
db_password:
file: db_password.txt
db_root_password:
file: db_root_password.txt
volumes:
db_data:
```
This example creates a simple WordPress site using two secrets in
a compose file.
The keyword `secrets:` defines two secrets `db_password:` and `db_root_password:`.
When deploying, Docker will create these two secrets and populate them with the
content from the file specified in the compose file.
The db service uses both secrets, and the wordpress is using one.
When you deploy, Docker will mount a file under `/run/secrets/<secret_name>` in the
services. These files are never persisted in disk, they're managed in memory
Each service has environment variables to specify where the service should look for
that secret data.
More information on short and long syntax for secrets can be found at
[Compose file version 3 reference](/compose/compose-file/index.md#secrets).