Docker Community Forums


Docker Swarm Secrets

I have problems with the Secrets. Docker Swarm doesn’t use the value of the secret.
I create two secrets:

echo "password1" | docker secret create my_mysql_wordpress_password -
echo "password2" | docker secret create my_mysql_root_password -

Then I deploy the stack with:

docker stack deploy -c mysql.yml mysql

The mysql.yml file:

version: "3.7"

services:
  mysql:
    image: mariadb:latest
    ports:
      - "0.0.0.0:3306:3306"     
    deploy:
      replicas: 1
      labels:
        - "traefik.enable=false"
    environment:
        - MYSQL_USER=wordpress_admin
        - MYSQL_PASSWORD=/run/secrets/my_mysql_wordpress_password
        - MYSQL_ROOT_PASSWORD=/run/secrets/my_mysql_root_password
    secrets:
      - my_mysql_wordpress_password
      - my_mysql_root_password
    volumes:
      - mysql_data:/var/lib/mysql
    networks:
      - traefik-backend

secrets:
  my_mysql_wordpress_password:
    external: true
  my_mysql_root_password:
    external: true


volumes:
  mysql_data:
    driver: local
    driver_opts:
       o: bind
       type: none
       device: /data/mysql_data

networks:
  traefik-backend:
    external: true

Now the database server starts. When I now try to connect to the server, the root password is not “password2” (the value from the secret); the password is “/run/secrets/my_mysql_root_password”.

What am I doing wrong? Why is it not the value from the secret?

Because environment variables can’t read files. Docker secrets are stored in files like /run/secrets/my_mysql_wordpress_password, but Linux / Docker envs just want strings, not files. Therefore Linux will treat

like normal strings. That’s why your envs only contain the file path and not the password stored in the file.

Take a look at MariaDB’s Docker Secrets section.

https://hub.docker.com/_/mariadb
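
The `_FILE` convention that the linked Docker Secrets section describes, as an added example that is not part of the original thread and not the mariadb image's own entrypoint code: it shows why `MYSQL_ROOT_PASSWORD=/run/secrets/...` yields the path as the password, while `MYSQL_ROOT_PASSWORD_FILE=/run/secrets/...` yields the file's contents. `resolve_secret`, `as_posted` and `with_file_suffix` are hypothetical helper names, and a temporary directory with a constructed secret file stands in for /run/secrets.

```sh
#!/bin/sh
# resolve_secret NAME: print NAME's value, or the contents of the file named
# by NAME_FILE. Hypothetical helper, not the mariadb image's entrypoint code.
resolve_secret() {
    name=$1
    case $name in
        ''|*[!A-Za-z0-9_]*) echo "error: bad variable name" >&2; return 1 ;;
    esac
    eval "secret_val=\${$name-}"
    eval "secret_path=\${${name}_FILE-}"

    if [ -n "$secret_val" ] && [ -n "$secret_path" ]; then
        echo "error: $name and ${name}_FILE are both set" >&2
        return 1
    fi
    if [ -n "$secret_path" ]; then
        [ -r "$secret_path" ] || { echo "error: cannot read $secret_path" >&2; return 1; }
        # $(...) drops the trailing newline that `echo ... | docker secret create` stored
        secret_val=$(cat "$secret_path")
    fi
    [ -n "$secret_val" ] || { echo "error: $name is empty or unset" >&2; return 1; }
    printf '%s\n' "$secret_val"
}

# Constructed stand-in for /run/secrets, holding the sample value from the question.
SECRETS_DIR=$(mktemp -d)
trap 'rm -rf "$SECRETS_DIR"' EXIT
echo "password2" > "$SECRETS_DIR/my_mysql_root_password"

# As posted: the variable holds the path, so the path itself is the password.
as_posted() {
    ( unset MYSQL_ROOT_PASSWORD_FILE
      MYSQL_ROOT_PASSWORD="$SECRETS_DIR/my_mysql_root_password"
      resolve_secret MYSQL_ROOT_PASSWORD )
}

# With the _FILE variant: the file is read and its contents are the password.
with_file_suffix() {
    ( unset MYSQL_ROOT_PASSWORD
      MYSQL_ROOT_PASSWORD_FILE="$SECRETS_DIR/my_mysql_root_password"
      resolve_secret MYSQL_ROOT_PASSWORD )
}

echo "as posted:  $(as_posted)"
echo "with _FILE: $(with_file_suffix)"
```

Setting both the plain variable and its `_FILE` variant is treated as an error here, so a leftover literal value cannot silently override the secret file.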