Hi Alex,

I understand that you should not use the '-e' flags for secrets. A common way is to define the secret file with an environment flag and load it. And in this way you can support both: environment and secrets.

A nice sample is https://github.com/docker-library/wordpress/blob/master/docker-entrypoint.sh

Regards,
Mike

> On 19. May 2020, at 18:22, Alex Soto <[email protected]> wrote:
>
> Thanks Mike,
>
> Yes, that would work, but wasn’t the secret mechanism added precisely to
> avoid the unsafe environment variables?
>
> Best regards,
> Alex soto
>
>> On May 18, 2020, at 2:57 PM, Mike Hummel <[email protected]> wrote:
>>
>> Hi,
>>
>> store your secrets as bash script with
>>
>> key=value
>>
>> and include the secret in your start script
>>
>> . /run/secrets/credentials.sh
>>
>> Now the secrets are available as shell environment.
>>
>> Regards,
>>
>> Mike
>>
>>> On 5. May 2020, at 22:16, Alex Soto <[email protected]> wrote:
>>>
>>> I found using Docker Secrets a convenient way to protect passwords when
>>> running Docker containers. I know I can reference environment variables
>>> in Karaf's config files, but that is not very secure, or at least less
>>> secure than secrets. For example, to configure a key store in the Pax Web
>>> config file: org.ops4j.pax.web.cfg one would need to provide a value for
>>> key org.ops4j.pax.web.ssl.password. The problem is how to reference a
>>> secret, which is a file, as the value of this property? In other words, I
>>> am looking for something like:
>>>
>>> org.ops4j.pax.web.ssl.password=$(cat /run/secrets/keystorepass)
>>>
>>> Is there anything similar or planned?
>>>
>>> (Same would be useful to configure the JAAS users in users.properties, etc.)
>>>
>>> Best regards,
>>> Alex soto
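The approach from Mike's latest reply (an environment variable that names the secret file, with the plain variable as fallback), as an added example that is not part of the thread or of the linked WordPress entrypoint. The function name load_secret and the variable KEYSTORE_PASS are assumptions made for illustration; /run/secrets/keystorepass is the path from the original question.

```shell
#!/bin/sh
# load_secret NAME [DEFAULT]  (hypothetical helper for a container start script)
# Resolves NAME from $NAME or from the file named by $NAME_FILE, e.g.
# KEYSTORE_PASS_FILE=/run/secrets/keystorepass. Setting both is an error.
load_secret() {
    _ls_name=$1
    _ls_default=${2:-}
    # NAME is passed to eval below, so accept plain variable names only.
    case $_ls_name in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "load_secret: invalid name '$_ls_name'" >&2
            return 2 ;;
    esac
    eval "_ls_direct=\${$_ls_name:-}"
    eval "_ls_file=\${${_ls_name}_FILE:-}"
    if [ -n "$_ls_direct" ] && [ -n "$_ls_file" ]; then
        echo "load_secret: $_ls_name and ${_ls_name}_FILE are both set" >&2
        return 1
    fi
    if [ -n "$_ls_file" ]; then
        if [ ! -r "$_ls_file" ]; then
            echo "load_secret: cannot read $_ls_file" >&2
            return 1
        fi
        # Command substitution strips the file's trailing newline.
        _ls_value=$(cat "$_ls_file")
    elif [ -n "$_ls_direct" ]; then
        _ls_value=$_ls_direct
    else
        _ls_value=$_ls_default
    fi
    # Assign without exporting: the caller decides whether child processes
    # should see the value. Drop the _FILE pointer once it has been used.
    eval "$_ls_name=\$_ls_value"
    unset "${_ls_name}_FILE"
    unset _ls_value _ls_direct
}

# Constructed demo, run as: sh entrypoint.sh demo
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp) && printf 'constructed-pass\n' > "$tmp"
    KEYSTORE_PASS_FILE=$tmp
    load_secret KEYSTORE_PASS && echo "loaded ${#KEYSTORE_PASS} characters"
    rm -f "$tmp"
fi
```

A secret loaded from a file stays a shell variable of the start script; it reaches child processes only if the script exports it or writes it into a config file, which is the trade-off raised in the thread.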
