Docker Secrets

Let’s learn how Docker makes secrets available to apps in a secure way.

We'll cover the following

- Summing up

Many applications need secrets; things as passwords, TLS certificates, SSH keys, and more.

Background

Early versions of Docker had no standardized way of making secrets available to apps in a secure way. It was common for developers to insert secrets into apps via plain text environment variables (we’ve all done it). This was far from ideal.

Docker 1.13 introduced Docker Secrets as first-class objects in the Docker API.

Behind the scenes

Behind the scenes, secrets are encrypted at rest, encrypted in-flight, mounted in containers to in-memory filesystems, and operate under a least-privilege model where they are only made available to services that have been explicitly granted access to them. It’s quite a comprehensive end-to-end solution, and it even has its own docker secret sub-command.

Workflow

Get hands-on with 1400+ tech skills courses.

About the Course

Multi-container Apps with Compose

Docker Swarm

Docker Networking

Docker Overlay Networking

Volumes and Persistent Data

Deploying Applications with Docker Stacks

Security in Docker

What Next

Appendix: Getting Docker and Compose

Docker Secrets

Background

Behind the scenes

Workflow