Docker Community Forums


Can access to docker secrets be restricted in the swarm?

Is it possible to limit the services that can access secrets created with docker secret create?

We work on a multi-user Docker host, with limited ability to restrict user access.

I’d like a way to grant access to the secrets I create only to certain services (mine!).

Thanks,

G

Are you in the happy position to have a Docker Enterprise subscription? Docker EE includes UCP, which provides user and resource management that allows you to restrict access to resources at a fine-grained level, even for swarm stack deployments. Each user downloads a client bundle with the connection details to control the swarm through UCP.

Without Docker Enterprise, the answer is: nope, everyone who can control docker on a master node will be able to control all objects, including secrets.

Kubernetes has fine-grained RBAC security built in. Swarm by itself does not.

1 Like
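Because Swarm by itself cannot restrict which services attach a secret, auditing who attaches it is the check that remains. The following is an added example, not part of the original posts: it reads JSON in the shape produced by `docker service inspect` and reports services that attach a watched secret but are not on an allow-list. The sample data, service names, secret name and allow-list are constructed for illustration.

```python
import json

# Constructed sample shaped like `docker service inspect` output (a JSON array).
# Service and secret names are hypothetical.
SAMPLE_INSPECT = json.dumps([
    {"Spec": {"Name": "g_api",
              "TaskTemplate": {"ContainerSpec": {"Secrets": [
                  {"SecretName": "g_db_password", "File": {"Name": "db_password"}}]}}}},
    {"Spec": {"Name": "other_debug",
              "TaskTemplate": {"ContainerSpec": {"Secrets": [
                  {"SecretName": "g_db_password", "File": {"Name": "pw"}}]}}}},
    {"Spec": {"Name": "web",
              "TaskTemplate": {"ContainerSpec": {}}}},  # no secrets attached
])


def secret_consumers(inspect_json):
    """Map secret name -> sorted list of service names that attach it."""
    consumers = {}
    for svc in json.loads(inspect_json):
        spec = svc.get("Spec", {})
        container = spec.get("TaskTemplate", {}).get("ContainerSpec", {})
        # "Secrets" may be missing or null when a service uses none.
        for ref in container.get("Secrets") or []:
            consumers.setdefault(ref["SecretName"], set()).add(spec.get("Name", "?"))
    return {name: sorted(svcs) for name, svcs in consumers.items()}


def unexpected_consumers(inspect_json, allowed):
    """Return (secret, service) pairs that are not on the allow-list.

    `allowed` maps a watched secret name to the set of service names
    expected to use it; secrets not listed there are ignored.
    """
    findings = []
    for secret, services in sorted(secret_consumers(inspect_json).items()):
        if secret not in allowed:
            continue
        for service in services:
            if service not in allowed[secret]:
                findings.append((secret, service))
    return findings


if __name__ == "__main__":
    allowed = {"g_db_password": {"g_api"}}  # hypothetical allow-list
    for secret, service in unexpected_consumers(SAMPLE_INSPECT, allowed):
        print(f"unexpected: service {service!r} attaches secret {secret!r}")
```

On a manager node, the real input can come from `docker service inspect $(docker service ls -q)`. This only reports services that exist at the time of the check; it does not prevent access.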

No, I am not in the happy position of having a Docker Enterprise subscription 🙁.

Thank you for your guidance, which is very helpful.

So, perhaps we can consider using Kubernetes under our current constraint, instead of Docker Swarm.

Thanks again,

G