Cannot access to secrets .net core with Docker
In my .net core Api i use secrets.json:
{"UserServiceSecretKey": "secretKey123456"}
Evidently in my .csproj:
<PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework>
<UserSecretsId>6da803bf-439d-4e34-8735-195d652e8366</UserSecretsId>
<DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
</PropertyGroup>
And use in my Startup.cs ConfigureServicesMethod():
var secretKey = Configuration["UserServiceSecretKey"];
if (string.IsNullOrEmpty(secretKey))
Console.WriteLine("Error: KEY UserServiceSecretKey cannot be null...");
If run the application on IISExpres it works (get the secret key).
But if i run the Api in docker like docker-compose, then in runtime the secret key is not obtained:
In my docker-compose.override file i have:
tresfilos.users.service:
environment:
- ASPNETCORE_ENVIRONMENT= Development
- ASPNETCORE_URLS= https://+:443;http://+:80
ports:
- "7002:80"
- "7003:443"
volumes:
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
Additional, i have defined the APPDATA environment variable:
How can i access to secret key when i run the Api in docker ?
Docker secrets are loaded into memory as files inside /run/secrets directory, not as mounted directory, so you need to read it from memory
There are 3 steps,
1. docker-compose file
version: "3.9"
services:
redis:
image: redis:latest
deploy:
replicas: 1
secrets:
- my_secret
- my_other_secret
secrets:
my_secret:
file: ./my_secret.txt
my_other_secret:
external: true
note: you can add secrets to docker either by using a file or by defining as external resource, which means that it has already been defined in Docker, either by running the docker secret create command or by another stack deployment. If the external secret does not exist, the stack deployment fails with a secret not found error.
2. Install a nuget package
Microsoft.Extensions.Configuration.KeyPerFile
3. Add a config entry to Startup.cs
config.AddKeyPerFile(directoryPath: "/run/secrets", optional: true);
- Why docker container exits immediately
- The Name of Hyperledger Fabric Test Network is not detected by an Application given in the fabric samples
- What is the difference between alpine docker image and busybox docker image?
- Inspect local image with Skopeo
- FastAPI inside docker stopped receiving any requests after a while
- At least one invalid signature was encountered
- docker build --platform=linux/amd64 fails: ERROR: failed to solve: no match for platform in manifest
- Unable to access hiveserver2 via beeline
- What is the "RECLAIMABLE" space displayed in docker system df?
- Deploying sites on Kubernetes pods and deployment not showing
- PostGIS Installation "could not open extension control file"
- Broken urls in Jekyll in Docker
- Docker Desktop for Windows Dashboard runs but not Docker itself
- You're not authorized to run analysis. Please contact the project administrator Sonarqube local
- Traefik can't connect to ACME Server
- How do I configure Nginx Proxy Manager to proxy an OnlyOffice Document Server Docker container?
- bcrypt and Docker bcrypt_lib.node: invalid ELF header
- How to handle long startup times in Azure App Service deployment
- Why set VISIBLE=NOW in /etc/profile?
- Go App deployment error on redhat openshift. CreateContainerError
- error MSB3073: The command "npm install" exited with code 1
- When pushing to ECS, Docker image errors out with module not found error
- Preparation failed: Cannot connect to the Docker daemon at unix:///var/run/docker.sock
- docker-compose is installed but docker compose is not recognized
- How to know if a docker container is running in privileged mode
- What is the point of WORKDIR on Dockerfile?
- How to install PHP composer inside a docker container
- Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use
- Docker repository server gave HTTP response to HTTPS client
- How can I resolve “server gave HTTP response to HTTPS client”