treasuryesc
commented
1 month ago @revant could you please check this? Is there any way to avoid fixing db password inside docker-compose.yaml?
Closed treasuryesc closed 1 month ago
treasuryesc
commented
1 month ago @revant could you please check this? Is there any way to avoid fixing db password inside docker-compose.yaml?
revant
commented
1 month ago created with docker compose config
Use "docker compose up" directly then. You'll not have the generated yaml file with passwords.
treasuryesc
commented
1 month ago created with docker compose config
Use "docker compose up" directly then. You'll not have the generated yaml file with passwords.
Hi @revant I think I wasn't clear on my issue description. The problem happens in the build process of a custom image and a docker-compose.yaml file for this image. When we use "docker compose --env-file .env -f overrides/compose.mariadb.yaml config > docker-compose.yaml" to create the docker-compose.yaml file, the config in overrides/compose.mariadb.yaml takes ${DB_PASSWORD} from the .env and puts on the docker-compose.yaml the DB password. The request is that overrides/compose.mariadb.yaml should keep the variable ${DB_PASSWORD} instead of replacing it when running "docker compose config", so when we run "docker compose up" docker would take the password from the .env and not from docker-compose.yaml
Another possibility could be using docker compose secrets: https://docs.docker.com/compose/how-tos/use-secrets/
revant
commented
1 month ago You can improve and send PR.
I use Kubernetes for my setup, there I've managed db password through kubernetes secrets.
Is your feature request related to a problem? Please describe. Currently, frappe_docker uses a .env file where we should set the variable DB_PASSWORD in the moment of creating the docker-compose.yaml file (created with docker compose config). The database password is set in this file, which brings security issues.
Describe the solution you'd like The DB_PASSWORD should be set as a variable in docker-compose.yaml instead of using the password directly inside docker-compose.yaml, so we could use a .env located in the same folder of docker-compose.yaml, in order to define the database password only in the .env file and not inside the docker-compose.yaml.