Support for secrets in docker-swarm backend

[itssimon]

Docker Swarm supports a secret store which is currently not supported by ShinyProxy. It's a best practice way to store sensitive information in a central place and make these available to containers/services as required.

It would be great to be able to define Docker secrets in the configuration.yml of ShinyProxy which will then be added to launched app services via the --secret argument.

For example:

proxy:
  specs:
    - id: example_app
      ...
      container-secrets:
       - my_secret

[jtelleriar]

@fmichielssen What shall we do order to pass through the application.yml file Docker Swarm Secrets to the Docker Containers triggered by ShinyProxy?

I have been trying to pass Docker Secrets from ShinyProxy Docker Container, to Application Containers, without success:

container-env:
  VAR1: "${cat run/secrets/my-secret}"

Shall I pass the secret on the DockerFile itself?

CMD java -jar \
    -Dproxy.specs.my-container.container-env.my-var="$(cat /run/secrets/my-password)" \
    /opt/shinyproxy/shinyproxy.jar

Which would be the right syntax?

Thanks

[PKcan]

Any suggested syntax here? I am also interested.

[LEDfan]

This has been implemented in ShinyProxy 3.0.0, please check out the documentation: https://shinyproxy.io/documentation/configuration/#docker-swarm-secrets