Bulk Stash is a docker rclone service to sync, or copy, files between different storage services. For example, you can copy files either to or from a remote storage services like Amazon S3 to Google Cloud Storage, or locally from your laptop to a remote storage.
This brings support for carrying secrets into a bulkstash container when using Docker swarm. Secrets are kept safe all along until rclone.sh resolves them to an environment variable in order to pass the information to rclone. This is as long as it can go for keeping the information safe while still benefiting from the flexibility of declaring sources and destinations using environment variables. Going further would require the use of a configuration file for rclone, a file that would be carried into the container using secrets.
The implementation automatically resolves all environment variables which value is similar to DOCKER-SECRET::<path> to the content of the file passed instead of <path>. Relative paths are resolved within /run/secrets, which is the default location for secrets in swarm. Any other variable which value does not start with DOCKER-SECRET:: will not be resolved and kept as-is.
This brings support for carrying secrets into a bulkstash container when using Docker swarm. Secrets are kept safe all along until
rclone.shresolves them to an environment variable in order to pass the information torclone. This is as long as it can go for keeping the information safe while still benefiting from the flexibility of declaring sources and destinations using environment variables. Going further would require the use of a configuration file forrclone, a file that would be carried into the container using secrets.The implementation automatically resolves all environment variables which value is similar to
DOCKER-SECRET::<path>to the content of the file passed instead of<path>. Relative paths are resolved within/run/secrets, which is the default location for secrets in swarm. Any other variable which value does not start withDOCKER-SECRET::will not be resolved and kept as-is.