dockerdocker-composedocker-secrets

How do I configure a secret in docker compose?


I have a simple docker compose that makes use of a secret. However I have been unable to access the secret. The logs show the /run/secrets/username being passed in the server but not the actual username. What's wrong with my setup? How do I get the secret value from DB_USERNAME within my service?

version: "3.9"

services:
  ...
  bank-microservice:
    image: ${IMAGE_BANK}
    restart: on-failure
    networks:
      - backend
    expose:
      - 80
    secrets:
      - username
    environment:
      - DB_USERNAME=/run/secrets/username
    env_file:
      - ./env/microservice.env
    depends_on:
      - db
secrets:
  username:
    file: ./secrets/username
...

Solution

  • Setting a secret only exposes that value at a filesystem location under /run/secrets. If you want to get that value into a variable, you would need to do that yourself as part of your container startup.

    For example, an ENTRYPOINT script like that this would make /run/secrets/username available as DB_USERNAME:

    #!/bin/sh
    
    if [ -f /run/secrets/username ]; then
      export DB_USERNAME=$(cat /run/secrets/username)
    fi
    
    exec "$@"