Thanks Mike, Yes, that would work, but wasn’t the secret mechanism added precisely to avoid the unsafe environment variables?
Best regards, Alex soto > On May 18, 2020, at 2:57 PM, Mike Hummel <[email protected]> wrote: > > Hi, > > store your secrets as bash script with > > key=value > > and include the secret in your start script > > . /run/secrets/credentials.sh > > Now the secrets are available as shell environment. > > Regards, > > Mike > > >> On 5. May 2020, at 22:16, Alex Soto <[email protected] >> <mailto:[email protected]>> wrote: >> >> I found using Docker Secrets a convenient a way to protect passwords when >> running Docker containers. I know I can reference an environment variables >> in Karaf's config files, but that is not very secure, or at least less >> secure than secrets. For example, to configure a key store in the Pax Web >> config file: org.ops4j.pax.web.cfg one would need to provide a value for key >> org.ops4j.pax.web.ssl.password. The problem is how to reference a secret, >> which is a file, as the value of this property? In other words, I am >> looking for something like: >> >> org.ops4j.pax.web.ssl.password=$(cat /run/secrets/keystorepass) >> >> Is there anything similar or planned? >> >> (Same would be useful to configure the JAAS users in users.properties, etc.) >> >> >> Best regards, >> Alex soto >> >> >> >> >
