Environment variables as docker secrets

Hi Team, I was Created a secret called dbhost as (printf “” | docker secret create dbhost -)
and my env is host, for that I created a service as
docker service create --name test --publish 80:80 -e host=/run/secrets/dbhost --secret dbhost image:tag. but it was not taking that values when i exec into container echo$host i am getting a that secret path like /run/secret/dbhost .

Yes, that’s the way it works. You set an env var to a file name, then it‘s value will be the file name. Why should it be different?

i used -e host=/run/secrets/dbhost. I am wrong? or how to achieve that. in this case environment variable is host so i tried -e host=/run/secrets/dbhost

You just set an env var to a value. There is no magic happening, so there is no process that checks if the value is a file and then reads the value from the file and assigns it.

Some Docker containers have some logic for example using USER for the plain username and USER_FILE to read it from a file, but that is application logic, not Docker.

Furthermore, the idea is to NOT expose the value of the secret as environment, but make the application read the file secret directly.

Some programming frameworks allow exposing endpoints that allow dumping environment variables, which if secrets would actually work like vijayiqa thought, would be dumped as well. Thank god they don’t work like that.