I have a requirement wherein I need to push the .pem file when the container is running. The .pem file will be different for different containers (consider these containers are specific to customers) Any suggestion on how can this be achieved?
You can’t directly add files to a container after building the image. You have to bind mount a folder into your container. This makes a folder on your docker host accessible inside of the docker container. If you copy your .pem file into the mounted folder on the host, it will also be accessible for the docker container.
Your could bind the folder
/root/certs. Then the contents of your hosts folder
/home/user/certs will be accessible inside the docker container in
Thanks, derteufelqwe. Let me try out this way. I’ll get back if I get any issues.
Whilst bind mounting a directory from the host per the suggestion from @derteufelqwe would undoubtedly work, it’s not ideal since it create a coupling to your host and ensuring that the files you need are available in the correct location and state. In other words it makes your container less portable. Ultimately you do need to source your file contents from somewhere, but that could be a network drive, a secrets management application (such as HashiCorp Vault) a binary repository (such as JFrog Artifactory), a github repo (though in this case you would want to make sure that the content is encrypted), you could SCP the file, you could read a stored secret from your CI system or another secrets source available on your platform … and so on … lots of options to do what you need without painting yourself into a corner iro portability. All of the options above can be executed at run time thru a command and/or entrypoint with a script or not depending on the complexity of the option you choose. Simple is good, but not at the expense of security or a future maintenance overhead imho.
Here is a longer article about pitfalls with runtime.exec Is
copy a built-in of cmd.exe, or a separat executable?
I would cut the string into parts, to avoid misinterpretation of blanks/tabs:
"cmd.exe", "/c", "copy", "C:\test1\toto.PDF", "C:\test2\toto.PDF"
But this is all very platform dependend. You should read the file with java and write it to the target location.