I am working with Spring, Postgres and docker-compose. I want to use secrets for the database user and password but it does not work:
version: '3.5'
services:
web:
build:
context: hello-todos-server
container_name: hello-todos-server
secrets:
- db-password
- db-user
depends_on:
- hello-todo-db
environment:
SPRING_DATASOURCE_USERNAME_FILE: /run/secrets/db-user
SPRING_DATASOURCE_PASSWORD_FILE: /run/secrets/db-password
networks:
- traefik
- hello-todos
labels:
- 'traefik...'
- 'traefik...`)'
- 'traefik...'
- 'traefik...'
hello-todo-db:
image: postgres:14.1-alpine3.15
restart: always
container_name: hello-todo-db
environment:
POSTGRES_USER_FILE: /run/secrets/db-user
POSTGRES_PASSWORD_FILE: /run/secrets/db-password
POSTGRES_DB: hello-todos
secrets:
- db-password
- db-user
networks:
- hello-todos
secrets:
db-password:
file: secrets/secret-db-password.txt
db-user:
file: secrets/secret-db-user.txt
networks:
traefik:
external: true
hello-todos:
external: false
The error:
Caused by: org.postgresql.util.PSQLException: FATAL: password authentication failed for user "postgres"
...
When I connect to the database via
environment:
SPRING_DATASOURCE_USERNAME: the-plain-username-stored-in-the-secret
SPRING_DATASOURCE_PASSWORD: the-plain-password-stored-in-the-secret
it does work. But I would like to do it like
environment:
SPRING_DATASOURCE_USERNAME_FILE: /run/secrets/db-user
SPRING_DATASOURCE_PASSWORD_FILE: /run/secrets/db-password
Is this possible? Or is there a better solution, maybe via the application.yml?
I start my services with docker-compose up.
My application.yml:
spring:
datasource:
url: jdbc:postgresql://hello-todo-db:5432/hello-todos
jpa:
hibernate:
ddl-auto: update
properties:
hibernate:
dialect: org.hibernate.dialect.PostgreSQLDialect
format_sql: true
show-sql: true
database-platform: org.hibernate.dialect.PostgreSQLDialect
