docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[datacenter/ucp] Update secrets per suggestions 

closes #1743

Docker-DCO-1.1-Signed-off-by: Josh Hawn <josh.hawn@docker.com> (github: jlhawn)
This commit is contained in:
Josh Hawn 2017-02-16 13:47:22 -08:00 committed by Joao Fernandes
parent 3ad5c38a77
commit 560640af83
2 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
datacenter/ucp/2.1/guides/user/secrets/grant-revoke-access.md
View File

@ -18,10 +18,9 @@ the secret.
Users that are part of a team with access to that label will be able to see Users that are part of a team with access to that label will be able to see
and use the secret. and use the secret.
In this example, if Jenny is part of In this example, if Jenny is part of a team that has 'Restricted Control' over
a team that has 'Restricted Control' over the `com.docker.ucp.access.label=blog` the `com.docker.ucp.access.label=blog` label, she will be able to use the
label, she will be able to use the secret in her services, as long as the secret in her services, as long as the service also has the same label.
service also has the same label.
This ensures that users can use a secret in their services without having This ensures that users can use a secret in their services without having
permissions to attach to the container running the service and inspect the permissions to attach to the container running the service and inspect the

13
datacenter/ucp/2.1/guides/user/secrets/index.md
View File

@ -48,7 +48,9 @@ you won't be able to edit it or see the secret data again.
![](../../images/manage-secrets-2.png){: .with-border} ![](../../images/manage-secrets-2.png){: .with-border}
Assign a unique name to the service and set its value. You can optionally define Assign a unique name to the service and set its value. You can optionally define
a permission label so that other users have permission to use this secret. a permission label so that other users have permission to use this secret. Also
note that a service and secret must have the same permission label (or both
must have no permission label at all) in order to be used together.
In this example our secret is named `wordpress-password-v1`, to make it easier In this example our secret is named `wordpress-password-v1`, to make it easier
to track which version of the password our services are using. to track which version of the password our services are using.
@ -68,12 +70,17 @@ Start by creating the MySQL service. Navigate to the **Services** page, click
**Create Service**, and choose **Use Wizard**. Use the following configurations: **Create Service**, and choose **Use Wizard**. Use the following configurations:
| Field | Value | | Field | Value |
|:---------------------|:------------------------------------------------------------| |:---------------------------|:-----------------------------------|
| Service name | wordpress-db | | Service name | wordpress-db |
| Image name | mysql:5.7 | | Image name | mysql:5.7 |
| Attached network | wordpress-network | | Attached network | wordpress-network |
| Secret | wordpress-password-v1 | | Secret | wordpress-password-v1 |
| Environment variable | MYSQL_ROOT_PASSWORD_FILE=/run/secrets/wordpress-password-v1 | | Environment variable name | MYSQL_ROOT_PASSWORD_FILE |
| Environment variable value | /run/secrets/wordpress-password-v1 |
Remember, if you specified a permission label on the secret, you must also set
the same permission label on this service. If the secret does not have a
permission label, then this service must also not have a permission label.
This creates a MySQL service that's attached to the `wordpress-network` network, This creates a MySQL service that's attached to the `wordpress-network` network,
and that uses the `wordpress-password-v1`, which by default will create a file and that uses the `wordpress-password-v1`, which by default will create a file