Docker Swarm Secret assigning to Environment Variables

  1. Created three secrets

```shell
echo "TEST12" | docker secret create MAIL_SENDGRID_PASSWORD -

echo "TEST23" | docker secret create AWS_S3_ACCESS_KEY -

echo "TEST34" | docker secret create AWS_S3_SECRET_KEY -
```

  2. Here is the stack file

```yaml
version: '3.7'
secrets:
  MAIL_SENDGRID_PASSWORD:
    external: true
  AWS_S3_ACCESS_KEY:
    external: true
  AWS_S3_SECRET_KEY:
    external: true

services:
  eye-app:
    image: eye
    stop_grace_period: 30s
    secrets:
      - MAIL_SENDGRID_PASSWORD
      - AWS_S3_ACCESS_KEY
      - AWS_S3_SECRET_KEY
    environment:
      - _JAVA_OPTIONS=-Xmx512m -Xms256m
      - SPRING_PROFILES_ACTIVE=prod
      # Secrets
      - MAIL_SENDGRID_PASSWORD=/run/secrets/MAIL_SENDGRID_PASSWORD
      - AWS_S3_ACCESS_KEY=/run/secrets/AWS_S3_ACCESS_KEY
      - AWS_S3_SECRET_KEY=/run/secrets/AWS_S3_SECRET_KEY
```

Values are not getting assigned to the please help me with this.

You create external secrets on the command line -> check.
You declared the external secrets in the docker-compose.yml to register them for use -> check.
You declared the registered secrets to your service in the docker-compose.yml to actually use them -> check.

You declare environment variables to store the location of the secret -> are you aware of this?
Does your Spring app use the environment variables to actually load the files and read their content?

Thank you @meyay for the response, I am able to cat the /run/secrets/AWS_S3_SECRET_KEY, and see the value, but I am unable to assign the value to the variable in the environment.

Do we need any extra processing to assign the secrets to environment variables?

Docker swarm services (a stack does start nothing else) do not allow to assign environment variables to an environment variable. Like my last question in my last response already indicates: you need to parse each secret (=each mounted file) individually. You can either do this in your entrypoint script or in your application.

@jinnabalu I don’t know Spring but this looks like the boilerplate you could adapt for your purpose

https://bmuschko.com/blog/docker-secret-spring-boot/
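
The entrypoint approach described in the answers above, as an added example that is not part of the original thread: a POSIX `sh` wrapper that exports each file under `/run/secrets` as an environment variable named after the file. `SECRETS_DIR` is a hypothetical override for testing, and the example assumes the image's ENTRYPOINT is this script with the real command passed as its arguments.

```shell
#!/bin/sh
# Entrypoint wrapper (added example): export each Docker secret file as an
# environment variable named after the file, then start the real command.
# SECRETS_DIR is a hypothetical override for testing; Swarm mounts secrets
# under /run/secrets by default.

load_secrets() {
    dir=${1:-/run/secrets}
    [ -d "$dir" ] || return 0          # no secrets mounted: nothing to do
    for f in "$dir"/*; do
        [ -f "$f" ] && [ -r "$f" ] || continue
        name=${f##*/}
        # Only accept file names that are valid shell variable names.
        case $name in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "skipping secret with unusable name: $name" >&2
                continue ;;
        esac
        # $(...) strips the trailing newline that `echo ... | docker secret
        # create` stores in the secret.
        value=$(cat "$f")
        export "$name=$value"
    done
}

load_secrets "${SECRETS_DIR:-/run/secrets}"

# Replace the shell with the container's real command (for example
# `java -jar app.jar`) so it receives signals directly.
if [ "$#" -gt 0 ]; then
    exec "$@"
fi
```

With this wrapper the `environment:` entries that point at `/run/secrets/...` paths are no longer needed, because each variable is set from the file contents at container start. Values exported this way are inherited by every child process of the entrypoint, so reading the files directly in the application keeps them in fewer places.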