Using docker secrets to pass sensitive information via "_FILE" variables. #1056

Merged 1 commit on Oct 25, 2022

vaerh (Contributor) commented Oct 14, 2022

Hi Denis, can you review this patch?
We would like to remove all sensitive information from the environment variable file and use docker secrets to pass it.

Using docker secrets to pass sensitive information via "_FILE" variables.

fiftin (Collaborator) commented Oct 23, 2022

Hi @vaerh,

It is a very useful improvement. Can it break the old behavior?

vaerh (Contributor, Author) commented Oct 25, 2022

I hope it doesn't break. This patch is made to look like a working implementation for mariadb-docker.
And we have the production stack with these changes.

@fiftin fiftin merged commit dea5a0f into semaphoreui:develop Oct 25, 2022

fiftin (Collaborator) commented Oct 29, 2022

Do you have any docs for this feature?

vaerh (Contributor, Author) commented Oct 31, 2022

I'm sorry to be late with the reply.
Maybe not invent anything and slightly correct the excellent description from the MySQL Team?

Docker Secrets
As an alternative to passing sensitive information via environment variables, _FILE may be appended to the previously listed environment variables, causing the initialization script to load the values for those variables from files present in the container. In particular, this can be used to load passwords from Docker secrets stored in /run/secrets/<secret_name> files. For example docker-compose.yml:

semaphore:
    restart: unless-stopped
    ports:
      - 3000:3000
    image: semaphoreui/semaphore:latest
    environment:
      # _FILE suffix: the value is read from this file inside the container
      SEMAPHORE_DB_PASS_FILE: /run/secrets/AnsibleSemaphoreMySQLPassword

Currently, this is only supported for SEMAPHORE_DB_USER, SEMAPHORE_DB_PASS, SEMAPHORE_ADMIN, SEMAPHORE_ADMIN_PASSWORD, SEMAPHORE_LDAP_PASSWORD and SEMAPHORE_ACCESS_KEY_ENCRYPTION.
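
The `_FILE` lookup described in the comment above, written as a POSIX shell helper in the style of the `file_env` function found in the official MariaDB/MySQL image entrypoints. This is an added example, not code from the merged patch or from Semaphore; the function names and the choice to fail when both a variable and its `_FILE` twin are set, or when the file is unreadable, are assumptions.

```shell
#!/bin/sh
# Added example (not Semaphore's own entrypoint code).

# file_env VAR [DEFAULT]
# Resolve VAR from $VAR, else from the file named by $VAR_FILE, else DEFAULT.
# Fails if both VAR and VAR_FILE are set or the file is unreadable.
file_env() {
    _fe_var=$1
    _fe_def=${2-}
    # The name goes through eval below, so accept valid identifiers only.
    case $_fe_var in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "error: bad variable name" >&2; return 2 ;;
    esac
    eval "_fe_val=\${$_fe_var-}"
    eval "_fe_file=\${${_fe_var}_FILE-}"

    if [ -n "$_fe_val" ] && [ -n "$_fe_file" ]; then
        echo "error: $_fe_var and ${_fe_var}_FILE are both set" >&2
        return 1
    fi
    if [ -n "$_fe_file" ]; then
        if [ ! -r "$_fe_file" ]; then
            echo "error: cannot read ${_fe_var}_FILE ($_fe_file)" >&2
            return 1
        fi
        # Command substitution drops the trailing newline of the secret file.
        _fe_val=$(cat "$_fe_file")
    fi
    [ -n "$_fe_val" ] || _fe_val=$_fe_def
    [ -z "$_fe_val" ] || export "$_fe_var=$_fe_val"
    # Remove the _FILE variable so child processes do not inherit the path.
    unset "${_fe_var}_FILE"
}

# Hypothetical wrapper: apply file_env to the variables listed above.
load_semaphore_secrets() {
    for _ls_name in SEMAPHORE_DB_USER SEMAPHORE_DB_PASS SEMAPHORE_ADMIN \
        SEMAPHORE_ADMIN_PASSWORD SEMAPHORE_LDAP_PASSWORD \
        SEMAPHORE_ACCESS_KEY_ENCRYPTION; do
        file_env "$_ls_name" || return 1
    done
}
```

Because the resolved value is exported, it is still visible in the process environment of the service; the gain is that it no longer has to appear in the compose file or env file.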
