Open Aetherinox opened 2 months ago
Or is the objective here to just allow a secrets file to be hosted on Github, but doesn't do anything to secure the secrets on the host machine.
yes, the goal is to allow the secrets file to be hosted on github. on the host machine, the secrets have to be stored in plaintext, but you should avoid checking those files into the repo.
DCSM is useful for .env files, but is especially helpful with config files that contain a mix of secret and non-secret configuration.
sorry, i don't use portainer so i'm not sure about the portainer-related questions
Another question because it's not clear in the docs. Is it acceptable to break up the env vars between different files.
yes, feel free to break up your environment config into multiple files. you can tell compose to include all files in the environment of the container.
env_file:
- gotify.env
i think this is the issue. compose treats relative paths as relative to the compose.yml file. looks like you should be specifying config/gotify/gotify.env there to get the env in your environment
In short, I have Portainer. So I can visually go in and view all of the env variables assigned to my container, and the newest env var I added using DCSM doesn't show up in my env var list within Portainer.
Is this part of the expected behavior for DCSM? I mean if it is and it's functioning properly, great.
I've loaded up everything as the documentation has mentioned,
Setup
Structure
In secrets.yml I've added:
In gotify.env.template I've tested with
When I bring the container up, I can see:
Physically bashing into the container and attempting to do
However, if I do
I do see the env variable set in the file
Another question because it's not clear in the docs. Is it acceptable to break up the env vars between different files.
What I mean is
.env file which has all of the regular env vars which don't matter if they're seen or not.
And finally, I noticed when I bring the docker container up, it takes the gotify.env.template file, and creates an additional file on the host machine placed within /config/gotify/gotify.env, and in that file is the plain-text secret password.
Is that normal behavior? Because it seems odd that the objective would be to not have plaintext passwords in a file, and dcsm just takes all of the secrets and decides to create a plaintext file on the host machine. Or is the objective here to just allow a secrets file to be hosted on Github, but doesn't do anything to secure the secrets on the host machine.
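A check for the point made in the reply above (rendered secrets stay in plaintext on the host and should not be checked in), as an added example that is not part of the thread or of DCSM. It assumes each rendered file sits beside its template with the `.template` suffix removed, as with gotify.env.template and gotify.env here, and that it is run inside the git repository; `audit_rendered` is a hypothetical name.

```shell
#!/bin/sh
# Added example, not DCSM code. Assumption: a rendered file has the same
# path as its template minus ".template" (gotify.env.template -> gotify.env).

# audit_rendered DIR
# Prints one finding per line for every rendered file under DIR that could
# leak its plaintext secrets. Returns 0 when clean, 1 when anything is found.
audit_rendered() {
    root=${1:-.}
    list=$(mktemp) || return 2
    find "$root" -type f -name '*.template' ! -path '*/.git/*' > "$list"
    status=0
    while IFS= read -r tmpl; do
        rendered=${tmpl%.template}
        [ -f "$rendered" ] || continue   # not rendered yet, nothing to check
        dir=$(dirname "$rendered")
        name=$(basename "$rendered")
        if git -C "$dir" ls-files --error-unmatch -- "$name" >/dev/null 2>&1; then
            # Already in the index: .gitignore does not protect tracked files.
            echo "TRACKED $rendered"
            status=1
        elif ! git -C "$dir" check-ignore -q -- "$name" 2>/dev/null; then
            # Untracked and no ignore rule matches: 'git add .' would stage it.
            echo "NOT_IGNORED $rendered"
            status=1
        fi
        # Characters 5-10 of the mode string are the group and other bits.
        perms=$(ls -ld "$rendered" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "LOOSE_PERMS $rendered"
            status=1
        fi
    done < "$list"
    rm -f "$list"
    return "$status"
}
```

Calling `audit_rendered .` from the repository root before a commit or in CI reports each rendered file that is tracked, unignored, or readable by other accounts on the host.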