Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Variables by Secrets
- Sample script that allows you to define as environment variables the name of the docker secret that contains the secret value.
- It will be in charge of analyze all the environment variables searching for the placeholder to substitute the variable value
- by the secret.
- ## Usage
- You can define the next environment variables:
- ``` bash
- $ env | grep DB_
- DB_HOST=my-db-host
- DB_USER=my-db-user
- DB_PASS=my-db-pass
- ```
- And nothing would happen. None of the variables would be modified when starting the container.
- But if you define variables with the defined placeholder it will expand the value with the referred secret.
- ### Example
- Create Secret
- ``` bash
- echo "my-db-pass" | docker secret create secret-db-pass -
- ```
- ``` bash
- $ env | grep DB_
- DB_HOST=my-db-host
- DB_USER=my-db-user
- DB_PASS={{DOCKER-SECRET:secret-db-pass}}
- ```
- When starting the script will search for the placeholder `{{DOCKER-SECRET:xxxx}}` on each
- environment variable and will substitute the value by the content of the secret `xxxx`,
- in this example it means to end up with:
- ``` bash
- DB_HOST=my-db-host
- DB_USER=my-db-user
- DB_PASS=my-db-pass
- ```
- ### How to use it
- If you want to use this feature on any image just add the env_secrets_expand.sh
- file in your container entrypoint script and invoke it with `source env_secrets_expand.sh`
- ### How to test this
- Build a sample image with the required dependency and enter into it:
- ``` bash
- docker run --rm -v $PWD:/test -it alpine sh
- ```
- Just emulate the creation of a secret and the example variables with the next commands:
- ``` bash
- mkdir -p /run/secrets/
- echo "my-db-pass" > /run/secrets/secret-db-pass
- export DB_HOST=my-db-host
- export DB_USER=my-db-user
- export DB_PASS={{DOCKER-SECRET:secret-db-pass}}
- ```
- Execute the script:
- ``` bash
- ENV_SECRETS_DEBUG=true /test/env_secrets_expand.sh
- ```
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement