
I'm reading up on Docker Secrets and keep reading that the folks at Docker deliberately chose storing secrets in files under /run/secrets rather than going with environment variables. But nowhere have I been able to find an explanation as to why.

So I ask: why is using the Docker Secrets mechanism more secure than injecting environment variables into my containers (via -e or a --env-file)?

smeeb
1 Answer


Because secrets are encrypted. From the documentation:

Secrets are encrypted during transit and at rest in a Docker swarm. A given secret is only accessible to those services which have been granted explicit access to it, and only while those service tasks are running.

You can also

use Docker secrets to centrally manage this data and securely transmit it to only those containers that need access to it.

The problem with environment variables is that all your passwords and SSH keys are stored in the clear, and all processes with the same or higher privileges as yours also have access to these credentials. On a *nix OS, you can easily read the environment variables of a process with PID <pid> with:

cat /proc/<pid>/environ
Ortomala Lokni
  • Thanks @Ortomala (+1) - this is starting to make a lot more sense to me! Quick question: are Docker secrets only available to containers running inside a Docker Swarm? or can I configure my standalone (non-Swarm) containers to use secrets as well? – smeeb Jun 18 '17 at 16:42
  • You are welcome. About your question, the documentation says: `Docker secrets are only available to swarm services, not to standalone containers.` – Ortomala Lokni Jun 18 '17 at 18:36
  • Also, all the ENV vars and their values can be viewed with `docker inspect` command, including your passwords and other _secret_ info. – hisa_py Jun 20 '17 at 03:32
  • environment variables read into a container via an .env file are NOT (directly) revealed in logs – Josh E Mar 15 '18 at 14:43