Securely storing secrets in Docker
An inevitable part of working with complex, networked software projects is having to deal with secret data. This can be a range of things such as private keys for SSH access, SSL certificates, passwords, and API keys.
In order to share secrets securely with multiple containers, you will, of course, need to avoid attempts to store the secret in the container itself in a fashion that allows a potential attacker to access it. This layer of abstraction is not only useful for managing different sets of credentials based upon the environment, but also provides an extra layer of security should the container be compromised in some fashion.
Thankfully, Docker comes with a useful feature for achieving this goal. It is simply called Docker secrets. In order to use this feature or the Kubernetes equivalent, you will need to implement swarm services or Kubernetes itself. As we have recommended elsewhere in this book, you may wish to avoid swarm services...