Docker secrets

[SylverRat]

Any ideas how to use docker secrets with this? This does not work for me:

secrets:
  redis_password:
    file: $DOCKER/secrets/redis_password

services:
  redis:
    image: redis:latest
    container_name: redis
    hostname: redis
    restart: always
    command: ["bash", "-c", 'docker-entrypoint.sh --requirepass "$$(cat $$REDIS_PASSWORD_FILE)"']
    secrets:
      - redis_password
    volumes:
      - $DOCKER/redis/redis.conf:/usr/local/etc/redis/redis.conf
      - $DOCKER/redis/data:/data
    environment:
      - REDIS_PASSWORD_FILE=/run/secrets/redis_password

  phpredisadmin:
    image: erikdubbelboer/phpredisadmin:latest
    container_name: phpredisadmin
    hostname: phpredisadmin
    restart: unless-stopped
    depends_on:
      - redis
    secrets:
      - redis_password
    environment:
      - REDIS_1_HOST=redis
      - REDIS_1_AUTH_FILE=/run/secrets/redis_password

TIA,

[erikdubbelboer]

I have never worked with Docker secrets before but it seems like they are only available though files.

A pull request to support REDIS_1_AUTH_FILE is welcome.

You would need to check here if getenv($prefix . 'AUTH_FILE') exists, and if it does set something like $server_auth = file_get_contents(getenv($prefix . 'AUTH_FILE'));.

I don't have any setup with Docker secrets to test this so I hope you can make a pull and test this?

[SylverRat]

One little prob, I don’t know, what I should do. 😅 But found this little snippet, maybe you could get something from it…

If you want to load a secrets file into an environment variable, the Official MySQL Docker Image has a solution for you.

See docker_setup_env() and file_env() functions in docker-entrypoint.sh

e.g. - $ docker run --name some-mysql -e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql-root -d mysql:tag

Results in loading the contents of /run/secrets/mysql-root into MYSQL_ROOT_PASSWORD

[SylverRat]

# usage: file_env VAR [DEFAULT]
#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
        local var="$1"
        local fileVar="${var}_FILE"
        local def="${2:-}"
        if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
                echo >&2 "error: both ${var} and ${fileVar} are set (but are mutually exclusive)"
                exit 1
        fi
        local val="$def"
        if [ "${!var:-}" ]; then
                val="${!var}"
        elif [ "${!fileVar:-}" ]; then
                val="$(< "${!fileVar}")"
        fi
        export "$var"="$val"
        unset "$fileVar"
}

[erikdubbelboer]

I just released a new v1.17.3 version which should have support for this. Can you please check if it works for you?

[SylverRat]

Thank you! Comfirmed, works for me with the OP settings.