Passwords should be stored in docker secrets #85
Comments
|
Thanks for the issue, @kafeinnet Docker secrets is available in docker 1.13 or higher. I primarily use CoreOS to host my containers and docker 1.13 is not available just yet (see: https://coreos.com/releases ). I can make the suggested changes. Would you be OK with the entrypoint script checking for the existence of secrets using the same naming convention as the environment variables? Example: |
|
Yep, that would be perfect. |
|
Hi @kafeinnet Please check the newest version of the latest tag and let me know if it works for you 😄 |
|
There is a typo (some spaces around =) when you read the content of the secret files which cause an error. Beside that, it works perfectly. I made a pull request ( #87 ) with the typo corrected and a new option I needed for my setup. Fell free to merge it. \fab |
|
Hi @kafeinnet Oops! Thanks for finding and fixing it 👍 |
Hi,
Env vars are insecure. So, passwords like the mysql one should be retrieved from docker secrets instead of env vars.
Maybe the entrypoint script could source secret if any is provided (/run/secrets/*), then get password from env var if no secret is present, then default to a random value.
\fab
The text was updated successfully, but these errors were encountered: