Docker Secrets
Let’s learn how Docker makes secrets available to apps in a secure way.
We'll cover the following
Many applications need secrets; things as passwords, TLS certificates, SSH keys, and more.
Background
Early versions of Docker had no standardized way of making secrets available to apps in a secure way. It was common for developers to insert secrets into apps via plain text environment variables (we’ve all done it). This was far from ideal.
Docker 1.13 introduced Docker Secrets as first-class objects in the Docker API.
Behind the scenes
Behind the scenes, secrets are encrypted at rest, encrypted in-flight, mounted in containers to in-memory filesystems, and operate under a least-privilege model where they are only made available to services that have been explicitly granted access to them. It’s quite a comprehensive end-to-end solution, and it even has its own docker secret
sub-command.
Workflow
Get hands-on with 1200+ tech skills courses.