Can access to docker secrets be restricted in the swarm?

Is it possible to limit the services that can access secrets created with docker secret create?

We work on multi-user docker host, with limited ability to restrict user access.

I’d like a way to grant access to the secrets I create only to certain services (mine!)

Thanks,

G

Are you in the happy position of having a Docker Enterprise subscription? Docker EE includes UCP, which provides user and resource management that allows restricting access to resources at a fine-grained level, even for swarm stack deployments. Each user downloads a client bundle with the connection details to control the swarm through UCP.

Without Docker Enterprise, the answer is: nope, everyone who can control docker on a master node will be able to control all objects, including secrets.

Kubernetes has fine-grained RBAC security built in. Swarm by itself does not.

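An added example, not from this thread, of the fine-grained control the reply attributes to Kubernetes RBAC: a namespaced Role that lets a single ServiceAccount read only the secrets listed under resourceNames, bound to that account with a RoleBinding. The namespace `team-g`, the ServiceAccount `g-app` and the secret names are assumptions.

```yaml
# Added example: Kubernetes RBAC limiting secret reads to one ServiceAccount.
# Namespace, ServiceAccount and secret names below are assumed values.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: g-app
  namespace: team-g
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: read-own-secrets
  namespace: team-g
rules:
  # Only "get", and only on the named secrets. "list" is deliberately left
  # out: resourceNames does not constrain list requests, so allowing it would
  # expose every secret in the namespace.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["g-db-password", "g-api-token"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: g-app-reads-own-secrets
  namespace: team-g
subjects:
  - kind: ServiceAccount
    name: g-app
    namespace: team-g
roleRef:
  kind: Role
  name: read-own-secrets
  apiGroup: rbac.authorization.k8s.io
```

Check the result with `kubectl auth can-i get secrets/g-db-password -n team-g --as=system:serviceaccount:team-g:g-app` (expected: yes) and with an unlisted secret name or another namespace (expected: no).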

No, I am not in the happy position of having a Docker Enterprise subscription :slightly_frowning_face:.

Thank you for your guidance, which is very helpful.

So, perhaps we can consider using Kubernetes under our current constraint, instead of Docker Swarm.

Thanks again,

G