This is a bit of a general question, but I keep missing your YouTube live chats (timezones ftw!) and I would have asked there - but here we are... ;-)
Edit: Short version - we seem to have a bit of a mix of using env variables, secrets, config files - some in Swarm, some in CI - is there a nicer 'accepted' way of storing these and getting them into running containers? Things like Consul/Vault seem to be adding even more complexity... :-/
In this repo for instance the Laravel app likes to have either environment variables set, or a local .env file to read from. The MySQL server likes environment variables or files with the username and password set in them.
So I could set environment variables during a CI build for the app, or bind a secret into Swarm and link it to the expected .env file - but for the MySQL service, if I want to share the same CI env variables, I'd have to build a custom image during CI or have different secret files mounted into the container with the same info as was already in the CI build, as they're not the same format as .env. Then if there are SMTP credentials that are in yet another format, some storage/API thing like Minio etc. - and dozens of apps all with secrets ... it all seems to get a bit messy with either custom images being built, or info duplicated between CI and Swarm.
So I'm just wondering a) am I thinking about this in entirely the wrong way (I often am!), and b) is there a good or commonly accepted way of managing all this?
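
One way to bridge the format mismatch described above, added here as an example and not part of the original post: the official MySQL image accepts `MYSQL_PASSWORD_FILE`, so a small entrypoint wrapper can give the Laravel container the same `*_FILE` convention and let both services read one Swarm secret from `/run/secrets/`. The secret name `db_password`, the script name and the variable list are assumptions.

```sh
#!/bin/sh
# Hypothetical docker-entrypoint.sh for the app image (added example).
# Both services point at the same Swarm secret (secret name is made up):
#   mysql:  MYSQL_PASSWORD_FILE=/run/secrets/db_password
#   app:    DB_PASSWORD_FILE=/run/secrets/db_password

# load_from_file NAME
# If NAME_FILE is set, export NAME with that file's contents.
# Returns non-zero on a bad name, on NAME and NAME_FILE both being set,
# or on an unreadable file, so the container fails fast.
load_from_file() {
    name=$1
    # Only plain variable names may reach eval below.
    case $name in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "error: invalid variable name" >&2
            return 2 ;;
    esac
    eval "direct=\${$name:-}"
    eval "path=\${${name}_FILE:-}"
    if [ -n "$direct" ] && [ -n "$path" ]; then
        echo "error: both $name and ${name}_FILE are set" >&2
        return 1
    fi
    [ -n "$path" ] || return 0   # no *_FILE variant: leave NAME untouched
    if [ ! -r "$path" ]; then
        echo "error: ${name}_FILE is not readable: $path" >&2
        return 1
    fi
    value=$(cat "$path")         # $(...) drops the trailing newline
    export "$name=$value"
    unset "${name}_FILE" value direct path
    return 0
}

# When invoked as an entrypoint with a command, resolve the secrets the app
# needs and hand over to it. Variable list is an assumption for this example.
if [ "$#" -gt 0 ]; then
    for var in DB_PASSWORD MAIL_PASSWORD; do
        load_from_file "$var" || exit 1
    done
    exec "$@"
fi
```

With this in place the secret value lives only in Swarm; CI needs to know the secret's name, not its contents, and no per-environment image has to be built.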