Docker Secrets for MariaDB Stack Container

Hello,

If I create a Docker stack with secrets for Drupal + MariaDB, then I can’t log into the MariaDB, but without secrets I can log in. So it could be because of the secrets.

First I created a network, then secrets and then the docker stack.
Before, I used echo for secrets, but now printf, because I read that echo adds newlines (Mariadb - creation with docker secrets not working - #2 by aptalca - Container Support - LinuxServer.io), but it still doesn’t work.

docker network create --driver overlay drupal
printf "password1" | docker secret create mariadb-pw -
printf "strongpw1" | docker secret create mariadb-root-pw -
docker stack deploy --compose-file drupal-stack1.yml drupal

The Stack Compose File

version: "3.9"

networks:
  drupal:
    external: true

volumes:
  drupal-modules:
  drupal-profiles:
  drupal-sites:
  drupal-themes:
  mariadb-vol:

secrets:
  mariadb-pw:
    external: true
  mariadb-root-pw:
    external: true

services:
  drupal:
    image: drupal
    deploy:
      replicas: 3
    networks:
      - drupal
    ports:
      - 8080:80
    environment:
      MYSQL_DATABASE: drupal-db
      MYSQL_USER: besucher
      MYSQL_PASSWORD: /run/secrets/mariadb-pw
      MYSQL_ROOT_PASSWORD: /run/secrets/mariadb-root-pw
    volumes:
      - drupal-modules:/var/www/html/modules
      - drupal-profiles:/var/www/html/profiles
      - drupal-sites:/var/www/html/sites
      - drupal-themes:/var/www/html/themes
    secrets:
      - mariadb-root-pw
      - mariadb-pw
 
  mariadb:
    image: mariadb
    deploy:
      replicas: 1
    networks:
      - drupal
    environment:
      MARIADB_DATABASE: drupal-db
      MARIADB_ROOT_PASSWORD: /run/secrets/mariadb-root-pw
      MARIADB_USER: besucher
      MARIADB_PASSWORD: /run/secrets/mariadb-pw
    volumes:
      - mariadb-vol:/var/lib/mysql
    secrets:
      - mariadb-root-pw
      - mariadb-pw

Did you read the doc?

As an alternative to passing sensitive information via environment variables, _FILE may be appended to the previously listed environment variables, causing the initialization script to load the values for those variables from files present in the container.
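
The difference between the compose file as posted and the `_FILE` form described in the quoted documentation, as an added example that is not part of the original thread and is not the image's own initialization script. `resolve_secret`, `as_posted`, `with_file_suffix` and the temporary directory standing in for /run/secrets are hypothetical names constructed for this sketch.

```shell
#!/bin/sh
# Added example (not the image's own entrypoint): simplified NAME / NAME_FILE
# resolution following the convention in the documentation quoted above.

# resolve_secret NAME: print the value an init script would end up using.
resolve_secret() {
    name=$1
    eval "direct=\${$name-}"
    eval "file=\${${name}_FILE-}"
    if [ -n "$direct" ] && [ -n "$file" ]; then
        echo "error: $name and ${name}_FILE are both set" >&2
        return 1
    fi
    if [ -n "$file" ]; then
        [ -r "$file" ] || { echo "error: cannot read $file" >&2; return 1; }
        # Command substitution drops trailing newlines, so in this sketch a
        # secret written with echo resolves the same as one written with printf.
        printf '%s' "$(cat "$file")"
    else
        # No _FILE variant: the string is used verbatim, even if it looks like a path.
        printf '%s' "$direct"
    fi
}

# Constructed stand-in for /run/secrets (assumption: real secrets are mounted there).
SECRETS_DIR=$(mktemp -d)
printf 'password1' > "$SECRETS_DIR/mariadb-pw"

# As in the compose file from the question: the path itself becomes the password.
as_posted() {
    ( unset MARIADB_PASSWORD_FILE
      MARIADB_PASSWORD="$SECRETS_DIR/mariadb-pw"
      resolve_secret MARIADB_PASSWORD )
}

# With the _FILE suffix: the file content becomes the password.
with_file_suffix() {
    ( unset MARIADB_PASSWORD
      MARIADB_PASSWORD_FILE="$SECRETS_DIR/mariadb-pw"
      resolve_secret MARIADB_PASSWORD )
}

echo "as posted:   $(as_posted)"
echo "with _FILE:  $(with_file_suffix)"
```

In the stack file this corresponds to setting MARIADB_PASSWORD_FILE and MARIADB_ROOT_PASSWORD_FILE to the /run/secrets paths in place of the variables without the suffix.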

I had this same problem and it took me a few days of research and testing to find out why. It seems that MariaDB 10.4 and later defaults to using unix socket authentication and because of this is ignoring the typed-in password. You can test signing in using the secrets file you set up by using the command:

mariadb -u root -p"$(cat /run/secrets/mysql_root_password)"

(or change the file name mysql_root_password to match whatever you named your secrets file).

This is a short snippet of what ChatGPT said:

  • Your password from Docker secrets isn’t working manually because unix_socket authentication is active, and MariaDB ignores passwords for root.

  • When you use cat /run/secrets/mysql_root_password inline, it works because MariaDB falls back to password authentication.

  • Fix this by disabling unix_socket for root and switching back to password authentication.

I tested passing the secrets file using cat myself, here is the outcome:

PS C:\Users\Solo> docker exec -it 7ea2bb19fe26b6544baa617ebc00a10018e9717983408e512bba6b3c6719023b /bin/sh
# mariadb -u root -p"$(cat /run/secrets/mysql_root_password)"
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 23
Server version: 11.6.2-MariaDB-ubu2404 mariadb.org binary distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>