Docker Community Forums

Share and learn in the Docker community.

Secrets/configs always group writable


It seems like whenever I use a secret/config they are always group writable, even when I set the mode explicitly non-group writable. Example compose file:

version: "3.4"
    image: alpine
    entrypoint: ["stat", "/foo"]
      - source: foo
        target: /foo
        mode: 400

    file: foo

Permissions from stat:

Access: (0620/-rw--w----)  Uid: (    0/    root)   Gid: (    0/    root)

This seems a bit odd and is problematic for me as I want to use this for ssh authorized_keys, which will error by default if group writable. A short term fix could be just to disable that check, but it still seems weird that docker would change the mode like that.


Ah, I need a 0 in front of the mode for it to interpret it as octal: