I have a docker-compose file that connects an app with a database. I'm using Docker secrets to hide sensitive data, in this case the DB credentials. While I can do so with the database service, I'm not able to do the same within the app service, specifically for the ConnectionString. I couldn't find much in the documentation regarding this, nor did I find such cases online. There is one example given in the documentation with the WordPress service that suggests the solution I'm seeking, but that seems to be WordPress-related only. Where do I go from here?

WordPress example in the documentation:

 wordpress:
     depends_on:
       - db
     image: wordpress:latest
     ports:
       - "8000:80"
     environment:
       WORDPRESS_DB_HOST: db:3306
       WORDPRESS_DB_USER: wordpress
       WORDPRESS_DB_PASSWORD_FILE: /run/secrets/db_password
     secrets:
       - db_password

My docker-compose file:

version: '3.8'

services:
  testapp:
    image: testapp
    depends_on:
      - testapp_db
    build:
      context: .
      dockerfile: TestApp/Dockerfile
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=http://+:80
      # This works
      - ConnectionStrings__DefaultConnection=Server=testapp_db;Database=TestApp;UserId=postgres;Password=postgres;
      # But I want to do something like this
      - ConnectionStrings__DefaultConnection=/run/secrets/connection_string 
    ports:
      - "60001:80"
    secrets:
      - connection_string
    networks:
      - testapp-network

  testapp_db:
    image: postgres:latest
    environment:
      POSTGRES_USER_FILE: /run/secrets/db_user
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
      POSTGRES_DB: TestApp
    ports:
      - "5500:5432"
    volumes:
       - postgres-data:/var/lib/postgresql/data
       - ./Persistence/Scripts/db_init.sql:/docker-entrypoint-initdb.d/create_tables.sql
    restart: always
    secrets:
      - db_user
      - db_password
    networks:
       - testapp-network

volumes:
  postgres-data:

secrets:
  db_password:
    file: ./run/secrets/docker-postgres/db_password

  db_user:
    file: ./run/secrets/docker-postgres/db_user

  connection_string:
    file: ./run/secrets/docker-postgres/connection_string

networks:
  testapp-network:
    driver: bridge
Harsh Manvar

1 Answer


It's actually not related to WordPress; it's general purpose, and you can use it in a similar way. Docker mounts the secret content at /run/secrets/connection_string.

Your code can read the variable and it will get the path from there, which is /run/secrets/connection_string. Your code can then read that file at runtime and get the content of the secret, as simple as that.

Here you can refer to my GitHub repo for an example: https://github.com/harsh4870/docker-compose-secret

Node.js example code: https://github.com/harsh4870/docker-compose-secret/blob/main/index.js

Update

You can write a docker-compose file with an entrypoint that sets the environment variable from a file and, after that, starts the main process.

version: '3'
services:
  redis-server: 
    image: 'redis'
  node-app:
    secrets:
      - connection_string
    build: .
    restart: "no"
    entrypoint: [ "sh", "-c", "export connection=$(cat /run/secrets/connection_string) && npm start"]  
    ports:
      - "4001:8000"
secrets:
  connection_string:
    file: ./connection_string

Your application or code will be able to use the env var connection and access the value directly.

Harsh Manvar
  • But you still have to configure it programmatically, whereas with ConnectionStrings__DefaultConnection=Server=testapp_db;Database=TestApp;UserId=postgres;Password=postgres; in .NET you don't have to do extra steps; it will overwrite the connection string in appsettings automatically. – Çlirim Murati Jun 10 '23 at 23:15
  • Got your point. I have updated the answer; you can check once. – Harsh Manvar Jun 11 '23 at 14:25
  • Using the env file is also an alternate solution here instead of a secret. – Harsh Manvar Jun 12 '23 at 11:55
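
A more general form of the entrypoint approach from the answer, as an added example that is not part of the original thread: it applies the `*_FILE` pattern seen in the WordPress and Postgres snippets to the question's `ConnectionStrings__DefaultConnection` variable. The `_FILE` handling is done by this script, not by .NET; the script name and the `dotnet TestApp.dll` command are assumptions.

```shell
#!/bin/sh
# Added example entrypoint (hypothetical name: docker-entrypoint.sh).
# If NAME_FILE is set, export NAME with that file's content, so the app
# sees the same variable it would get from a plain `environment:` entry.

load_secret_env() {
    name="$1"
    # Only plain identifiers may reach eval below.
    case "$name" in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "invalid variable name: $name" >&2
            return 2 ;;
    esac
    eval "direct=\${$name:-}; path=\${${name}_FILE:-}"

    # Two sources for one setting is a misconfiguration; fail closed.
    if [ -n "$direct" ] && [ -n "$path" ]; then
        echo "$name and ${name}_FILE are both set; use only one" >&2
        return 1
    fi
    [ -n "$path" ] || return 0   # no *_FILE given: keep any direct value

    if [ ! -f "$path" ] || [ ! -r "$path" ]; then
        echo "${name}_FILE is not a readable file: $path" >&2
        return 1
    fi
    # $(...) drops the trailing newline most editors add to the secret file.
    secret=$(cat "$path") || return 1
    export "$name=$secret"
    unset "${name}_FILE"
}

# Entrypoint use (the app command is an assumption):
#   docker-entrypoint.sh dotnet TestApp.dll
if [ "$#" -gt 0 ]; then
    load_secret_env ConnectionStrings__DefaultConnection || exit 1
    exec "$@"   # replace the shell so the app receives signals as PID 1
fi
```

With `ConnectionStrings__DefaultConnection_FILE=/run/secrets/connection_string` set on the testapp service and this script as its entrypoint, the exported variable overrides the appsettings connection string the same way the plain-text entry in the question does. The value still ends up in the process environment, so anything that can read the container's environment can read the connection string.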