Secrets in Docker Compose are used to securely store sensitive information such as passwords, API keys, and certificates. They allow you to keep this information out of your Compose files and separate from your code, improving the security and maintainability of your applications.
There are two ways to use secrets in Docker Compose:
- External secrets: These are secrets that are managed by an external secret management system, such as HashiCorp Vault or Azure Active Directory. To use external secrets in Docker Compose, you can reference them in your Compose file using the secrets key. For example:

      version: '3.7'
      services:
        app:
          image: my-app
          secrets:
            - my-secret
      secrets:
        my-secret:
          external: true

  In this example, the app service uses the my-secret secret, which is managed by an external secret management system.
- Inline secrets: These are secrets that are defined directly in your Compose file. To define inline secrets, you can use the secrets key and specify the secret data as a string or as a reference to a file. For example:

      version: '3.7'
      services:
        app:
          image: my-app
          secrets:
            - my-secret
      secrets:
        my-secret:
          file: ./my-secret.txt

  In this example, the app service uses the my-secret secret, which is defined inline in the Compose file as a reference to the my-secret.txt file.
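
Inside the container, each secret granted to a service appears as a file under /run/secrets/, so the app service in the examples above would find my-secret at /run/secrets/my-secret. The Python loader below is an added example, not code from the original page; the names read_secret and SecretError and the allowed-name pattern are assumptions made for illustration.

```python
"""Added example: read a Compose-granted secret from inside the container."""
import re
from pathlib import Path

# Compose mounts each secret granted to a service as a file in this directory.
SECRETS_DIR = Path("/run/secrets")

# Assumption for this example: secret names are simple identifiers
# such as "my-secret" (no path separators, no leading dot).
_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]*")


class SecretError(RuntimeError):
    """Raised when a secret is missing, unreadable, or empty."""


def read_secret(name, secrets_dir=SECRETS_DIR):
    """Return the value of secret `name`, without its trailing newline."""
    # Reject names that could escape the secrets directory ("../x", "a/b").
    if not _NAME_RE.fullmatch(name):
        raise SecretError(f"invalid secret name: {name!r}")
    path = Path(secrets_dir) / name
    if not path.is_file():
        # Typical cause: the service does not list the secret under `secrets:`.
        raise SecretError(f"secret {name!r} is not mounted at {path}")
    try:
        value = path.read_text(encoding="utf-8")
    except (OSError, UnicodeDecodeError) as exc:
        raise SecretError(f"secret {name!r} could not be read: {exc}") from exc
    # Files written with `echo` or an editor usually end in a newline that is
    # not part of the credential.
    value = value.rstrip("\r\n")
    if not value:
        raise SecretError(f"secret {name!r} is empty")
    return value


if __name__ == "__main__":
    try:
        password = read_secret("my-secret")
    except SecretError as err:
        # Fail closed at startup rather than running without the credential.
        raise SystemExit(f"startup aborted: {err}")
    # Never log the value itself; report only that it was loaded.
    print("my-secret loaded")
```

Failing at startup when the file is absent surfaces a service that was never granted the secret, and the error messages carry the secret's name but never its value.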
For more information on using secrets in Docker Compose, you can refer to the official Docker Compose documentation.
Sources:
- Docker Compose: https://docs.docker.com/compose/compose-file/
- Docker Compose secrets: https://docs.docker.com/engine/swarm/secrets/
- HashiCorp Vault: https://developer.hashicorp.com/vault/docs/secrets
- Azure Active Directory OIDC SSO Configuration: https://developer.hashicorp.com/hcp/docs/hcp/admin/iam/sso/sso-aad-oidc
- Bitnami Helm charts: https://docs.bitnami.com/kubernetes/infrastructure/grafana-operator/get-started/compare-solutions
- Kuma configuration reference: https://kuma.io/docs/2.4.x/reference/kuma-cp
- Vault secrets engines: https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-secrets-engines
- Docker Compose build: https://docs.docker.com/compose/compose-file/build/
- Manage sensitive data with Docker secrets: https://docs.docker.com/engine/swarm/secrets/
- Static secrets: Key/value secrets engine: https://developer.hashicorp.com/vault/tutorials/secrets-management/static-secrets
- Versioned Key/value secrets engine: https://developer.hashicorp.com/vault/tutorials/secrets-management/versioned-kv
- Sealed Secrets: https://github.com/bitnami-labs/sealed-secrets