Secrets in Docker without Swarm does not work

I am using Docker, but not Swarm. I found out that there is a way to use docker secrets without Swarm as mentioned here or at the official documentation.

But this is just throwing errors. When I run docker-compose up -d I get this:

Command 'docker-compose' not found, but can be installed with: sudo apt install docker-compose

My yaml file looks like this:

version: "3.7"

services:

     db:
        image: mariadb:10.5.2
        env_file:
          - ./db.env
        secrets:
          - rootpass
          - dbpass
          - mysqldb
          - mysqluser
        restart: always
    
    secrets:
      rootpass:
        file: /tmp/root_pass
      dbpass:
        file: /tmp/db_pass
      mysqldb:
        file: /tmp/mysql_db
      mysqluser:
        file: /tmp/mysql_user

When I run a “normal” setup it works fine. Like How To Install and Use Docker Compose on Ubuntu 22.04 | DigitalOcean. I am running docker-compose on a 22.04 LTS Ubuntu Server.

I also tried a different “yaml configuration” like this Advanced Configuration | Nginx Proxy Manager one. I want to set up Nginx Proxy Manager as securely as possible.

Can anyone help?

the error message you shared indicates that docker-compose is not installed and suggest the command to install it. Did you try to follow the suggestion?

Recent versions of the docker-cli support cli-plugins. On Ubuntu the cli-plugin for compose should be automaticaly installed (If I remember as docker-ce recommendation). Try to execute docker compose version, if it returns a version string, you can use docker compose instead of docker-compose.

Your compose file has wrong indentation. This is the correct indentation for the elements you used:

services:
  servicename:
    ..
    secrets:
      - secrethandle

secrets:
  secrethandle:
    file: /path/to/file
  • you can remove the version information, it became optional recently
  • you can even use the long syntax for secrets, which allows to define the target location inside the container and permission

This “secret” is more or less the same as binding a read-only file into the container. A swarm secret on the other hand is stored encrypted in the swarm transaction log, which distributes it on all nodes. In both cases, Both share that the entrypoint script or the main application must know how to read the “secretfile” from a container path, in order to have any functionality.

1 Like

It works with some other images just fine… Just a few minutes ago, I found out by accident that it’s only working without - in between so docker compose instead of docker-compose…

(And following the suggestions did not work( try to install docker-compose with sudo apt install docker-compose)

Now everything is working fine… But still strange i did a web test (HTML Website inside a container) and initialized it with docker-compose and it works…

The other things you mentioned will take some time for me to understand because I just started with docker today and I’m not a native speaker :wink:

But I really appreciate your help :wink:

That would have been an excellent addition to the first post :slight_smile:

What parts didn’t you understand? Just quote them and I can try to rephrase them.

Please mark the post that helped to solve you situation as solution,

  1. This is the Post that solved my Problem… (In a different way, because I decided to “migrate” to traefik instead of using a not "perfectly secured reverse proxy and also because it works in Kubernetes

How can i mark it as solution, there is no Button for me with solution on it

  1. It’s not necessary to paraphrase the Post… It just took some time for me to understand (Read it more than one time)

Thank you for your help :wink:

Pleasure!

I must admit, I have no idea how and when the resolve button appears… It has been a while since I created a thread :blush:

I believe you can’t do that in the “General Discussions” category since it is not for specific questions but discussions so you can like posts but you can’t mark them as solution. I moved the topic from General Discussions to the Open Source Projects / Compose category. Now you should be able to mark a post as solution.