ai-cfia / membrane-backend

Membrane Backend: A centralized authentication service for Single Sign-On (SSO) enabling seamless token-based email verification across multiple client applications.
MIT License

Avoid Storing Keys Inside Docker Image #48

Closed k-allagbe closed 11 months ago

k-allagbe commented 11 months ago

Description

The current Dockerfile copies the keys/ folder into the image, which poses a security issue.

Alternatives

1. Mounted Volumes

Instead of embedding keys in the image, a volume can be mounted from the host machine into the Docker container at runtime using the docker run command.

2. Cloud-Specific Solutions

For environments hosted on cloud services, secret management services offered by the cloud provider can be utilized for secure key management.
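
A check that could run in CI to catch the pattern this issue describes, as an added example that is not part of the original issue or the project's code: it flags COPY/ADD instructions that pull a top-level keys/ directory into the image, either directly or through a whole-context copy, unless .dockerignore excludes it. The function names, the sample Dockerfile and the simplified .dockerignore matching (exact top-level entries only, no globs) are assumptions.

```python
import json
import posixpath
import shlex


def _sources(args):
    """Build-context source paths of one COPY/ADD (shell or JSON form)."""
    flags, args = [], args.strip()
    while args.startswith("--"):
        flag, _, args = args.partition(" ")
        flags.append(flag)
        args = args.strip()
    if any(f.startswith("--from=") for f in flags):
        return []  # copies from another stage or image, not the build context
    parts = json.loads(args) if args.startswith("[") else shlex.split(args)
    return parts[:-1]  # the last path is the destination


def _ignored(name, dockerignore_text):
    """Simplified .dockerignore check: exact top-level entries, last rule wins."""
    ignored = False
    for rule in (r.strip() for r in dockerignore_text.splitlines()):
        if rule and not rule.startswith("#") and rule.lstrip("!").strip("/") == name:
            ignored = not rule.startswith("!")
    return ignored


def find_key_copies(dockerfile_text, dockerignore_text="", name="keys"):
    """Return (instruction, kind) for each COPY/ADD that pulls `name` into the image."""
    if _ignored(name, dockerignore_text):
        return []  # the directory never reaches the build context
    findings = []
    for line in dockerfile_text.replace("\\\n", " ").splitlines():
        head = line.split(None, 1)
        if len(head) < 2 or head[0].upper() not in ("COPY", "ADD"):
            continue
        for src in _sources(head[1]):
            top = (posixpath.normpath(src).lstrip("/") or ".").split("/")[0]
            if top == name:
                findings.append((line.strip(), "direct"))
            elif top in (".", "*"):
                findings.append((line.strip(), "whole-context"))
    return findings


# Constructed sample, not the project's actual Dockerfile.
SAMPLE = "FROM python:3.11-slim\nCOPY requirements.txt .\nCOPY keys/ /app/keys/\nCOPY . .\n"
if __name__ == "__main__":
    print(find_key_copies(SAMPLE))
```

A finding of kind "whole-context" means the instruction does not name keys/ but still ships it, which is why the .dockerignore entry matters even after the explicit COPY is removed.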

rngadam commented 11 months ago

GCP Cloud Run also allows mounting a volume to a deployed container. @redat97 should have the relevant documentation:

https://cloud.google.com/run/docs/configuring/services/secrets ... and in fact should have a GitHub Issue that he can link here.

Please don't assign yourself issues without prioritization first.