Using Docker Secrets with Docker-Rootless & Docker Compose

jkaszinski · March 12, 2022, 2:03pm

@meyay thanks for the link… I followed the documentation exactly… secrets just don’t seem to work with docker rootless. Logs say:

phpmyadmin_1  | cat: /run/secrets/mysql_root_password: No such file or directory
/usr/local/bin/docker-entrypoint.sh: line 36: /run/secrets/mysql_database: No such file or directory

I think the error is because docker-rootless can’t access /run/secrets/* docker-rootless has `/run/user/$UID/

Although, the files below do exist /run/secrets doesn’t exist so declaring the file is useless.

my validated yaml is:

version: '3.9'

volumes:
  mariadb:
  phpmyadmin:
  redis:
  nextcloud:

networks:
  test-aym:

secrets:
  MYSQL_DATABASE:
    file: ./mysql_database.txt
  MYSQL_PASSWORD:
    file: ./mysql_password.txt
  MYSQL_ROOT_PASSWORD:
    file: ./mysql_root_password.txt
  MYSQL_USER:
    file: ./mysql_user.txt

services:
  mariadb:
    image: mariadb:latest
    restart: always
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    volumes:
      - ./mariadb:/var/lib/mysql
    secrets:
      - MYSQL_ROOT_PASSWORD
      - MYSQL_PASSWORD
      - MYSQL_DATABASE
    environment:
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password
      - MYSQL_PASSWORD_FILE=/run/secrets/mysql_password
      - MYSQL_DATABASE_FILE=/run/secrets/mysql_database
      - MYSQL_USER_FILE=/run/secrets/mysql_user
    networks:
      - test-aym

  phpmyadmin:
    image: phpmyadmin:latest
    restart: always
    ports:
      - 8081:80
    depends_on:
      - mariadb
    secrets:
      - MYSQL_ROOT_PASSWORD
    environment:
      - PMA_HOST=mariadb
      - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password
    networks:
      - test-aym

  redis:
    image: redis:latest
    restart: always
    volumes:
      - ./redis:/var/lib/redis
    networks:
      - test-aym

  app:
    image: nextcloud
    restart: always
    ports:
      - 8080:80
    depends_on:
      - mariadb
      - redis
    secrets:
      - MYSQL_PASSWORD
      - MYSQL_DATABASE
    volumes:
      - ./nextcloud:/var/www/html
    environment:
      - MYSQL_PASSWORD_FILE=/run/secrets/mysql_password
      - MYSQL_DATABASE_FILE=/run/secrets/mysql_database
      - MYSQL_USER_FILE=/run/secrets/mysql_user
      - MYSQL_HOST=mariadb
      - REDIS_HOST=redis
      - REDIS_PORT=6379
      - NEXTCLOUD_DATA_DIR=/var/www/nextcloud-data
    networks:
      - test-aym

not looking for you to debug my yaml… just a general question…

is the core difference between frameworks reliability & bugs?

Topic		Replies	Views
Secrets in Docker without Swarm does not work Compose docker-compose	6	8642	August 5, 2022
Conflicting documentation and behavior about using secrets General	2	1063	January 23, 2020
Understanding swarm secrets and rootless mode General security , swarm	9	2124	July 6, 2024
Config doesn't work with Compose but Secrets does Compose swarm	0	867	February 12, 2018
Issue: using docker secrets General security , docker , docker-compose	2	1521	September 9, 2022

Using Docker Secrets with Docker-Rootless & Docker Compose

Related topics