1

I'm trying to provide credentials via secrets. I defined them:

$ docker secret ls
ID                          NAME                  DRIVER              CREATED             UPDATED
klsvqjji6bqymndpt3gp1n5na   mysql-password                            35 minutes ago      35 minutes ago
qpxtfsd2qcah35untcma5qb41   mysql-root-password                       34 minutes ago      34 minutes ago
mee647yty7uzlxnur1cmf7xg4   mysql-user                                35 minutes ago      35 minutes ago

... and I used them in docker-compose.yml file:

version: "3.3"

secrets:
  mysql-user:
    external: true
  mysql-password:
    external: true
  mysql-root-password:
    external: true

services:
   db:
    image: mariadb:10.4.5
    secrets:
      - mysql-user
      - mysql-password
      - mysql-root-password
    environment:
      MYSQL_USER: /run/secrets/mysql-user
      MYSQL_PASSWORD: /run/secrets/mysql-password
      MYSQL_ROOT_PASSWORD: /run/secrets/mysql-root-password

      MYSQL_DATABASE: db
    command: ls -l /run

docker-compose up comamnd returns:

db_1  | total 16
db_1  | drwxrwxrwt 2 root  root  4096 May 15 14:06 lock
db_1  | drwxr-xr-x 2 root  root  4096 May 15 14:06 mount
db_1  | drwxrwxrwx 2 mysql mysql 4096 Jun  4 21:20 mysqld
db_1  | drwxr-xr-x 2 root  root  4096 May 15 21:20 systemd
db_1  | -rw-rw-r-- 1 root  utmp     0 May 15 14:06 utmp
db-security-test_db_1 exited with code 0

As you can see there is no secrets directory. Why? What did I miss?

Docker version is 19.03.3.

Docker Compose version is 1.14.1.

4

1 回答 1

1

您需要将 _FILE 附加到 env 变量,从而使初始化脚本从容器中存在的文件中加载这些变量的值。特别是,这可用于从存储在 /run/secrets/ 文件中的 Docker 机密中加载密码。例如:

$ docker run --name some-mysql -e MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql-root -d mariadb:tag

目前,这仅支持

  • MYSQL_ROOT_PASSWORD
  • MYSQL_ROOT_HOST
  • MYSQL_DATABASE
  • MYSQL_USER
  • MYSQL_PASSWORD
于 2019-10-16T04:18:06.267 回答