I'm reading up on Docker Secrets and keep reading that the folks at Docker deliberately chose storing secrets in files under /run/secrets
rather than going with environment variables. But nowhere have I been able to find an explanation as to why.
So I ask: why is using the Docker Secrets mechanism more secure than injecting environment variables into my containers (via -e
or a --env-file
)?
Because secrets are encrypted. From the documentation :
Secrets are encrypted during transit and at rest in a Docker swarm. A given secret is only accessible to those services which have been granted explicit access to it, and only while those service tasks are running.
you can also
use Docker secrets to centrally manage this data and securely transmit it to only those containers that need access to it.
The problem with environment variables is that all your passwords and ssh keys are stored in clear and all processes with the same privileges or more privileges as you, have also access to these credentials. In *nix OS, you can easily read environment variables of a process with a pid value of <pid>
with :
cat /proc/<pid>/environ