0

I am using the following code in a docker-compose.yml file.

I also start the container with "docker stack deploy -c docker-compose.yml default" in windows command prompt.

Swarm is active.

For the love of god (got to be honest, I've started my studies in this field not so long ago) I can not figure out why the DEBUG env will always set to " /run/secrets/debug" string and not the actual value of the secret key.

I've checked the live containe, and it does contain the debug file in /run/secrets, and if i run "cat debug" I get the secret value back.

Can anyone help me?

Code below:

version: '3.9'
services:
  portfolio:
    image: kcisijohnny/portfolio
    build: portfolio
    ports:
      - '5000:5000'
    networks:
      - portfolio_network
    environment:
      DEBUG: /run/secrets/debug
    secrets:
      - debug
secrets:
  debug:
    external: true
    name: debug

I've tried every variation I foud online in the docker-compose.yml: DEBUG: cat /run/secrets/debug DEBUG: cat "/run/secrets/debug"

  • DEBUG=$(cat /run/secrets/debug)
  • DEBUG=$$(cat /run/secrets/debug) non if these worked.
rothweil.miklos
  • 1
  • It is not ideal to set such a variable via a secret, bc - as the name already suggests - secrets are meant to store secrets. For more information about your topic see https://medium.com/@basi/docker-environment-variables-expanded-from-secrets-8fa70617b3bc – tjarbo Nov 01 '22 at 13:08
  • Your attempts to use e.g. `DEBUG=$(cat /run/secrets/debug)` are not working, as these are - if at all - executed on the docker host and not inside your container. On your host this secret is not located at `/run/secrets/debug)` – tjarbo Nov 01 '22 at 13:09
  • First of, thank you very much for your response! If i understand it correctly, creating a secret key is good, but I should not set it to an environment variable, but should refer to the secret key in my (let's say) web app included in the container? – rothweil.miklos Nov 01 '22 at 13:32
  • Yes, so the best case would be, that u define the path to a secret via an environment variable and that u adopt your application to get the target path from this env-var and to read the secret-value from this path (it is a simple file read). This is the flow, for that docker secrets were introduced. But if you want to keep things simple, you can directly define your secret-value within your docker-compose file and set it as an env-var. This is also common, compare with https://github.com/docker-library/docs/tree/master/mysql#-via-docker-stack-deploy-or-docker-compose . – tjarbo Nov 01 '22 at 13:43
  • Thank you very much, this was very informative! – rothweil.miklos Nov 04 '22 at 15:27

0 Answers0