Hide Yo Passwords!
If you have multiple containers in a swarm service, this won't be the path for you. If you do have a docker swarm service, check out docker secrets.
I, however, don't have a swarm, and I don't see any benefit in converting my setup into a swarm of size one, as the docker secret docs offer as a suggestion. So instead, I'll be using good ol' environment variables. The problem, however, is that I want to share as much of my code publicly as possible without exposing any sensitive information. To this end, I'll be using the handy env_file option in my docker-compose file.
You can specify the file location like so:
    version: '3'
    services:
      # PostGIS database
      db:
        env_file: /opt/db_secrets.env
        image: my_postgis
      # Redis
      redis:
        image: redis:3.2.11
        hostname: redis
      # RabbitMQ
      rabbit:
        hostname: rabbit
        image: rabbitmq:3.7.2
        env_file: /opt/rabbit_secrets.env
      # Django web server
      web:
        build: .
        env_file: /opt/django_secrets.env
        command: python manage.py runserver 0.0.0.0:8000
        volumes:
          - .:/code
        ports:
          - "8000:8000"
        depends_on:
          - db
I've opted to store my environment variable files in the /opt directory, far from my source control directory, so I don't accidentally end up pushing anything I don't intend to make public.
Make sure to define the environment variables within those files using the following notation, with one credential per line:
    username=password
    other_username=another_password
Now, the only thing left to do is modify the file permissions for the sake of the docker container:
    # Owner root, group docker; no access for any other user
    sudo chown root:docker /opt/rabbit_secrets.env
    sudo chmod 740 /opt/rabbit_secrets.env
And now you're ready to roll.
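A pre-flight check for the setup above, as an added example that is not part of the original post: it confirms an env_file sits outside the source-controlled directory and grants no permissions to "other" users. The function name check_env_file and its arguments are hypothetical, and it assumes GNU coreutils (stat -c, realpath) as found on a typical Linux Docker host.

```shell
# check_env_file FILE REPO_DIR   (hypothetical helper, added example)
# Returns 0 when FILE is acceptable as a docker-compose env_file:
#   - it exists and is a regular file
#   - it does not live inside REPO_DIR (so it cannot be committed by accident)
#   - its mode grants nothing to "other" (e.g. 740 or 640, not 644)
check_env_file() {
    local file=$1 repo=$2 rc=0 mode real_file real_repo

    if [ ! -f "$file" ]; then
        echo "FAIL $file: not a regular file" >&2
        return 1
    fi

    # Resolve symlinks and relative paths before comparing locations.
    real_file=$(realpath "$file")
    real_repo=$(realpath "$repo")
    case "$real_file" in
        "$real_repo"/*)
            echo "FAIL $file: inside repository $real_repo" >&2
            rc=1
            ;;
    esac

    # Octal mode, e.g. 740; the last digit holds the bits for "other".
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        *0) ;;
        *)
            echo "FAIL $file: mode $mode lets other users access it" >&2
            rc=1
            ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK   $file (mode $mode)"
    return "$rc"
}

# Typical use before `docker-compose up`, run from the project directory:
#   check_env_file /opt/rabbit_secrets.env . || exit 1
```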