I have been trying to understand how to handle credentials (e.g. database passwords) with Docker Compose (on Linux/Ubuntu) in a secure but not overly complicated way. I have not yet been able to find a definitive answer.

I saw multiple approaches:

  1. Using environment variables to pass credentials. However, this would mean that passwords are stored as plain text both on the system and in the container itself. Storing passwords as plain text isn't something I would be comfortable with. I think most people use this approach - how secure is it?
  2. Using Docker secrets. This requires Docker Swarm, though, which would just add unnecessary overhead since I only have one Docker host.
  3. Using a Password Vault to inject credentials into containers. This approach seems to be quite complicated.

Is there no other secure, standardized way to manage credentials for Docker containers which are created with Docker Compose? Docker secrets without the need of Docker Swarm would be perfect if it existed.

Thank you in advance for any responses.

Tando
  • Docker secrets without the need of Docker Swarm? Check https://stackoverflow.com/q/53751168/12501050 – m19v Oct 07 '22 at 16:22
  • I think I've read that one as well during my research. I think the compose feature that is being used there is called [fake secrets](https://github.com/docker/compose/pull/4368). I.e. Docker Compose doesn't support real (swarm) secrets and imitates them by bind-mounting files into the container. So, from what I understand, it is just mounting files containing passwords in plain text, i.e. I would be storing plaintext passwords on my system. Encrypted secrets can only be created when using Docker Swarm. Please correct me if I am wrong. – Tando Oct 07 '22 at 17:38
  • Docker Swarm is dead for all practical purposes ... however, even with a single host you can just do `swarm init` and run it with a single host. However, for a real production scenario, Option #3 is the one that you should go for – Soumen Mukherjee Oct 08 '22 at 15:31
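
The two Compose-only approaches discussed in the question and comments, side by side, as an added example that is not part of the original posts. The service names, image tag, password value and secret file path are assumptions.

```yaml
# Added example: names, image tag and paths are assumptions, not from the thread.
services:
  # Approach 1 from the question: credential passed as an environment variable.
  # The value sits in the compose file (or an .env file) in plaintext and is
  # visible through `docker inspect` and in the container's process environment.
  db_env:
    image: postgres:16
    environment:
      POSTGRES_PASSWORD: "example-only-password"   # constructed value

  # File-based Compose secret, no Swarm required: the host file is bind-mounted
  # into the container at /run/secrets/db_password. The file is still plaintext
  # on the host, so restrict it with file ownership and mode.
  db_file:
    image: postgres:16
    environment:
      # The official postgres image reads the password from the named file.
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password

secrets:
  db_password:
    file: ./secrets/db_password.txt   # keep this file out of version control
```

With the file-based form the password no longer appears in the container's environment or in `docker inspect` output, but it is not encrypted at rest on the host.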

0 Answers