Open Beanow opened 6 years ago
I think the scope is broader, and treafik should be adapted to read the contents of files when a file path is passed via special ENV variable
The suffix _FILE
is a good alternative, and it's being used in official docker images like this.
So the issue cloud be something like : "Add _FILE
suffix as an alternative to use file contents as the value of the variable."
My case is for ACME DNS Challenge for Cloudflare, and to save the CLOUDFLARE_API_KEY
as a docker secret.
Just use a CLOUDFLARE_API_KEY_FILE
instead of CLOUDFLARE_API_KEY
could solve.
Ex.:
environment:
- CLOUDFLARE_EMAIL=me@example.com
- CLOUDFLARE_API_KEY_FILE="/run/secrets/cloudflare_api_key"
Do you want to request a feature or report a bug?
Feature
What did you expect to see?
CONSUL_HTTP_TOKEN
seems to be the only documented way to use Consul ACLs. In Docker Swarm configurations this token should be read from a file instead. As ENV vars are not treated as secret and will leak.An alternative such as
CONSUL_HTTP_TOKEN_FILE
or better yet--consul.httpTokenFile
and it's TOML equivalent would be much better for swarm security.