
I have a docker swarm which I start with this compose file:

```yaml
version: "3.1"

services:
  my_service:
    image: my_image
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /run/secrets:/run/secrets
    secrets:
      - my-secret
secrets:
  my-secret:
    file: my_secret.txt
```

Now, within the container running my_service, I start a new sibling container (note I've mounted the docker socket), which I want to have access to my-secret, although it's not part of the swarm. What's the best way to do this?

Simply mounting the secrets as a volume (`docker run -v /run/secrets:/run/secrets sibling_image`) doesn't work: the sibling container can see my-secret, but it's empty.

Passing an environment variable works, but it's a little too cumbersome if I have many secrets: `docker run -it --env MY_SECRET=$(cat /run/secrets/my-secret) sibling_image`

Meidan Alon
  • Why don't you run the sibling container as another service? That way you can pass the secret via Swarm. – gesellix Jul 12 '18 at 22:06
  • @gesellix the swarm is my Jenkins, and the sibling container is the build agent which is started by Jenkins Pipeline on every build. I provide it with a Dockerfile and Jenkins runs `docker build` and `docker run` (with some parameters I can override). – Meidan Alon Jul 13 '18 at 12:06

0 Answers
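One way to scale the environment-variable approach from the question to every file under `/run/secrets`, as an added example that is not part of the original post. The names `secret_env_flags` and `SECRET_ENV_FLAGS` are hypothetical; trailing newlines in secret files are dropped, and the values remain readable through `docker inspect` by anyone with access to the Docker socket.

```shell
#!/bin/sh
# Added example, not code from the original post.

# secret_env_flags DIR
# Exports every regular file in DIR as an environment variable and sets
# SECRET_ENV_FLAGS to the matching "--env NAME" flags. With the bare
# "--env NAME" form, docker run copies the value from the caller's
# environment, so the secret value never appears on the command line.
secret_env_flags() {
    dir=$1
    SECRET_ENV_FLAGS=""
    for f in "$dir"/*; do
        # Skip sub-directories and the literal pattern left by an empty glob.
        [ -f "$f" ] || continue
        # my-secret -> MY_SECRET: upper-case the file name, then turn every
        # character outside [A-Z0-9_] into "_".
        name=$(printf '%s' "${f##*/}" \
            | tr '[:lower:]' '[:upper:]' \
            | tr -c 'A-Z0-9_' '_')
        case $name in
            [0-9]*) name="_$name" ;;   # variable names cannot start with a digit
        esac
        # name now contains only [A-Z0-9_], so it is a valid identifier and
        # the flag string can later be word-split safely.
        export "$name=$(cat "$f")"
        SECRET_ENV_FLAGS="$SECRET_ENV_FLAGS --env $name"
    done
}

# Usage inside my_service (word splitting of the flags is intended):
#   secret_env_flags /run/secrets
#   docker run -it $SECRET_ENV_FLAGS sibling_image
```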