Secrets invalid mount config for type 'bind' mount path must be absolute

[jpcmadeira]

Description of the issue

Docker compose does not convert secrets source path correctly while using docker toolbox (virtualbox).

Context information (for bug reports)

Output of docker-compose version

docker-compose version 1.24.0dev, build unknown
docker-py version: 3.7.0
CPython version: 3.7.2
OpenSSL version: OpenSSL 1.1.0j  20 Nov 2018

Output of docker version

Client:
 Version:           18.09.2
 API version:       1.39
 Go version:        go1.11.5
 Git commit:        62479626f2
 Built:             Wed Feb 13 09:02:49 2019
 OS/Arch:           windows/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.3
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       774a1f4
  Built:            Thu Feb 28 06:40:51 2019
  OS/Arch:          linux/amd64
  Experimental:     false

Output of docker-compose config (Make sure to add the relevant -f and other flags)

secrets:
  password:
    file: C:\Users\Joaom\teste\secrets\password
  user:
    file: C:\Users\Joaom\teste\secrets\user
services:
  rice:
    image: alpine:3.8
    secrets:
    - source: password
    - source: user
version: '3.6'                                                                                                                                                             

Steps to reproduce the issue

1. Install docker toolbox latest release from Docker toolbox repository on a Windows 10 Home Edition computer.
2. docker-compose up -d

Observed result

Secrets are not mounted in the container, because compose is not converting path from Windows to unix Style correctly like it does for volumes.

Expected result

secrets to be mounted successfully.

Stacktrace / full error message

Creating network "teste_default" with the default driver
Creating teste_rice_1 ... error

ERROR: for teste_rice_1  Cannot create container for service rice: invalid mount config for type "bind": invalid mount path: 'C:/Users/Joaom/teste/secrets/password' mount path must be absolute

ERROR: for rice  Cannot create container for service rice: invalid mount config for type "bind": invalid mount path: 'C:/Users/Joaom/teste/secrets/password' mount path must be absolute
ERROR: Encountered errors while bringing up the project.

[RemiBou]

Same problem here :) I hope the PR can be merged / released soon, thanks

[RemiBou]

After upgrading to the latest verison of docker toolbox for windows, the problem is gone, thanks for your work :):)

[jpcmadeira]

This was not merged yet. Did you implement my changes or did a new docker toolbox version came out?

[RemiBou]

I don't remember on which version I was, but I uninstalled, installed the last version of the toolbox n recreated my docker machine on VirtualBox as well and it's working.

[chris-crone]

Thanks for the report @jmadeira95 and @RemiBou!

@RemiBou can you please check which version of Compose you used?

[RemiBou]

here is my compose file https://github.com/RemiBou/Toss.Blazor/blob/master/docker-compose.yml (just comment the mac part on the secrets for the MS part), I didn't change the compose version. This evening I'll try to find the previous version of docker toolbox on my personal computer download folder. I installed it 1 year ago I'd say.

[kpachhai]

I am having this issue too. Any update on this?

[Saw-mon-and-Natalie]

@jmadeira95, have you tried replacing your paths to

C\:\\Users\\Joaom\\teste\\secrets\\password
C\:\\Users\\Joaom\\teste\\secrets\\user

or

Users/Joaom/teste/secrets/password
Users/Joaom/teste/secrets/user

[jpcmadeira]

Yes i did try that @Saw-mon-and-Natalie

[Saw-mon-and-Natalie]

For my case, I had to make sure the Virtual Box my docker runs on has access to those folders. You might need to create some shared folders.

cd C:/Program Files/Oracle/VirtualBox
#  ^^ over wherever your VirtualBox binaries are located.

./VBoxManage.exe sharedfolder add default --name "path/to/mount/folder/on/docker/vm" --hostpath "\\?\x:\path\to\folder" --automount

default in the command above is the name of the docker virtual box. In your case you might need to type this:

 ./VBoxManage.exe sharedfolder add default --name "/c/Users/Joaom/teste" --hostpath "\\?\c:\Users\Joaom\teste" --automount

This article might help: Docker Toolbox, Windows 7, and Shared Volumes

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[stale[bot]]

This issue has been automatically closed because it had not recent activity during the stale period.

[Virakal]

Sorry if I'm missing something, but if this has been closed, what is the solution to using secret files on Windows with Docker Toolbox?

[chris-crone]

Hi @Virakal,

I'd recommend using Docker Desktop for Windows instead of Docker Toolbox.

[Virakal]

@chris-crone Thank you, but I'm afraid that's not an option for me because Hyper-V breaks other apps that I need. Does Compose not support Toolbox?

[TawapahDev]

Hi @chris-crone, I experiences the same issue. I'm using Windows 8.1 so I can only make use of Docker Toolbox.

[chris-crone]

@Virakal Compose should work with Toolbox but Docker Desktop is really the preferred way to run Docker on Windows. What app are you using that will break if you use Hyper-V?

@soma99 Curious why you're using Windows 8?

[Virakal]

@chris-crone I need Virtualbox for various projects (I'm aware VBox can theoretically work with Hyper-V enabled but last time I tried it wouldn't work on most machines, including mine, and was reported to be extremely slow and unsupported); Vagrant, which I have tried with Hyper-V but found it to be an awful experience; and Android emulators, where the only Hyper-V compatible one I'm aware of doesn't perform well enough for my needs.

[TawapahDev]

@chris-crone The last laptop I bought 5-6 years ago came with Windows 8 (OEM) and I've been using this laptop for local development since then. If I had a choice when I bought it back then, it would properly be running Windows 7, my preferred edition of Windows.

[Virakal]

Given that there still seems to be no solution for this, is there a way to request this issue be repoened, or should I open a new issue linking to this one?

[Toparvion]

It's 2023 but the issue still here. I'm using Docker Desktop v4.19.0 (docker v23.0.5 and docker-compose v2.17.3) with the following compose.yaml file:

services:
  telebot:
    image: ...
    secrets:
      - tg_bot_token
    environment:
      TELEGRAM_BOT_TOKEN: /run/secrets/tg_bot_token
...
secrets:
  tg_bot_token:
    file: telebot.token

and when launching docker-compose up, I'm getting the following:

[+] Running 0/1
 - Container a19fccf13764_telebot  Recreate                                                                                                            0.2s
Error response from daemon: invalid mount config for type "bind": invalid mount path: 'c:/lang/stegotext/telebot/telebot.token' mount path must be absolute

I've tried various forms of the secret path:

• telebot.token
• ./telebot.token
• c:/absolute/path/telebot.token
• c:\absolute\path\telebot.token
• c:\\absolute\\path\\telebot.token

but the result stays the same.

@jpcmadeira, @chris-crone , since the attached PR was not merged, is there a workaround or another issue that's hopefully will be addressed?

[joshooaj]

@Toparvion I ran into this issue today as well. Here's the solution I came up with...

services:
  myservice:
    image: mcr.microsoft.com/windows/nanoserver:ltsc2022
    command: ["cmd.exe", "/C", "type", "C:\\ProgramData\\Docker\\secrets\\mysecret.txt"]
    secrets:
        - source: mysecrets
          target: C:\ProgramData\Docker\secrets\

secrets:
  mysecrets:
    file: secrets

Here's the output of docker compose up

docker compose up
[+] Running 1/0
 ✔ Container temp-myservice-1  Created                                                                                                                                                                                           0.0s 
Attaching to temp-myservice-1
temp-myservice-1  | I like pineapple on pizza.
temp-myservice-1 exited with code 0

In this example, I have a secrets folder with a file named mysecret.txt inside. docker compose mounts the whole folder to C:\ProgramData\Docker\secrets\, and any files in the folder are made available in the container.

I'm not sure if this is how it's intended to work for Windows containers but it'll work just fine for my purposes.

[Toparvion]

@joshooaj , I've transformed my compose.yaml file according to your comment:

services:
  telebot:
    image: ...
    secrets:
      - source: tg_bot_token
        target: /run/secrets/
    environment:
      TELEGRAM_BOT_TOKEN: /run/secrets/tg_bot.token
# ...
secrets:
  tg_bot_token:
    file: secrets

, where secrets is a folder next to compose.yaml file containing the secret tg_bot.token file.

Unfortunately, the result hasn't changed:

c:\lang\stegotext\telebot>docker compose up
[+] Running 0/1
 - Container telebot  Recreate                                                                                                                         0.2s
Error response from daemon: invalid mount config for type "bind": invalid mount path: 'c:/lang/stegotext/telebot/secrets' mount path must be absolute

I think the difference is in the fact that I'm using Windows not inside but outside the container, i.e. on the host machine, and Docker for some reason fails to resolve the path to the secret in this format.

Anyway thanks for the suggestion!

[ygreyeb]

Is there a workaround for this issue? I have the same set up as @Toparvion and docker compose still fails to mount secrets located on my host Windows machine.

[bizrockman]

For me the same. But only with Docker Version 26.1.3 on Linux

With docker Linux 24.0.9 and Windows 24.0.6 everything is working like expected.