Comments (4)
Yes, you could do that - I take that same approach (using environment variables, but the same idea) in the bootstrap script in chapter 3. The other advantage is that the bootstrap script runs as admin so it has access to the secrets files, and you don't need to run the website in an elevated account (which is a limitation as of 17.06).
But I think there's a point where you need to decide if the benefits of the platform are worth investing in code changes, and secrets is one feature which I think is worth it.
If you use secure secret management outside of the container, but then persist the secret in plaintext inside the container, you're relying on the security of your app to keep it protected. If you use secrets as intended, then you can rely on the security of the platform.
from docker-on-windows.
Do you know if manually copying a file into C:\ProgramData\docker\secrets\app-db.connectionstring inside the Dockerfile via the ADD command will be overwritten by the file with the same name when the container is run in swarm mode? I think this will allow the entire configuration to be testable/debuggable in a dev environment without the need to resort to volume mapping and complex docker run commands. I will try to test it later but I thought you might know already if you tried it.
I think this might be the easiest way to introduce developers to containers without the complexity of explaining volume mapping etc. This way the container can be run with a straight-up docker run with nothing else, both in DEV and PRODUCTION, with no code changes required. Just in production the secrets location will be overwritten by swarm.
I haven't tried but I can't say I like that idea. With secrets you can build your app to be secure by default. If you provide an insecure mode, it should be explicit so you don't accidentally run it insecurely. To do that you just need Docker Compose files with different settings for dev and prod - it's simple but explicit (I describe that in my blog post on Windows Docker secrets).
I tried it. It does not work. The problem is that when you run this in swarm mode and Docker tries to mount the swarm secret in that location, it fails since there is already a file there, so I went back to your method of environment variables and a bootstrap file instead. Still not doing any sort of modifications to any other parts of the system though, just doing all the transforms necessary inside bootstrap.
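The bootstrap approach discussed in this thread, as an added example that is not code from the book, its repository or any commenter: the script prefers the swarm secret at the path named above and falls back to an environment variable only when insecure mode is requested explicitly. The function name and the variable names DB_CONNECTION_STRING and ALLOW_INSECURE_CONFIG are assumptions made for this example.

```powershell
# Added example: hypothetical bootstrap step, not the repository's script.
$ErrorActionPreference = 'Stop'

# Path taken from the thread; in swarm mode Docker mounts the secret here at run time.
$SecretPath = 'C:\ProgramData\docker\secrets\app-db.connectionstring'

function Resolve-ConnectionString {
    param(
        [string]$Path = $SecretPath,
        # Hypothetical variable names, chosen for this example.
        [string]$FallbackVar = 'DB_CONNECTION_STRING',
        [string]$OptInVar = 'ALLOW_INSECURE_CONFIG'
    )

    # Secure by default: a mounted secret always wins over the environment.
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        # Get-Content -Raw returns $null for an empty file, so coerce to string first.
        $value = "$(Get-Content -LiteralPath $Path -Raw)".Trim()
        if ($value) { return @{ Source = 'secret'; Value = $value } }
        throw "Secret file '$Path' is empty."
    }

    # Insecure mode must be requested explicitly, e.g. only in the dev Compose file.
    $optIn = [Environment]::GetEnvironmentVariable($OptInVar)
    if ($optIn -ne 'true') {
        throw "No secret at '$Path' and $OptInVar is not 'true'; refusing to start."
    }

    $value = [Environment]::GetEnvironmentVariable($FallbackVar)
    if (-not $value) { throw "$OptInVar is set but $FallbackVar is empty." }
    Write-Warning "Using $FallbackVar from the environment (dev mode, not a Docker secret)."
    return @{ Source = 'environment'; Value = $value }
}

$resolved = Resolve-ConnectionString

# Log only where the value came from, never the value itself.
Write-Output "Connection string loaded from: $($resolved.Source)"

# Assumption: the app is launched from this process afterwards and inherits the
# variable. Process scope keeps the value out of files and machine-level settings.
$env:DB_CONNECTION_STRING = $resolved.Value
```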