A new argument --secret was added to the docker service create command. If a secret is attached, it will be available as a file in the /run/secrets directory inside all the containers that form a service.
Let's see it in action:
docker service create --name test \
    --secret my_secret \
    --restart-condition none \
    alpine cat /run/secrets/my_secret
We created a service called test and attached the secret called my_secret. The service is based on alpine and will output the content of the secret. Since it is a one-shot command that will terminate quickly, we set --restart-condition to none. Otherwise, the service would terminate a moment after it's created, Swarm would reschedule it, only to see it terminate again, and so on. We would enter a never-ending loop.
Let's take a look at the logs:
docker logs $(docker container ps -qa)
The output is as follows:
I like candy
The secret is available as the /run/secrets/my_secret file inside the container.
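As an added example (not part of the original text), here is a POSIX shell helper that a container entrypoint could use to read attached secrets from /run/secrets and stop at startup when an expected one is missing. The SECRETS_DIR override and the function names read_secret and require_secrets are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: entrypoint helpers for consuming Swarm secrets as files.
# SECRETS_DIR is an assumed override so the helpers can be exercised outside
# a container; inside a service task it defaults to /run/secrets.
SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"

# read_secret NAME
# Prints the content of the secret on stdout.
# Returns 2 for an unsafe name, 1 when the secret is not attached.
read_secret() {
    name="$1"
    case "$name" in
        ''|*/*|.|..)
            # Reject empty names and anything that could leave SECRETS_DIR.
            echo "read_secret: invalid secret name" >&2
            return 2
            ;;
    esac
    file="$SECRETS_DIR/$name"
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "read_secret: secret '$name' is not attached to this service" >&2
        return 1
    fi
    cat "$file"
}

# require_secrets NAME...
# Checks every expected secret before the main process starts, reporting all
# missing names at once. Returns 0 only when all of them are readable.
require_secrets() {
    missing=0
    for s in "$@"; do
        if ! read_secret "$s" >/dev/null 2>&1; then
            echo "missing secret: $s" >&2
            missing=1
        fi
    done
    return "$missing"
}
```

An entrypoint would call require_secrets my_secret before starting the main process, so a service created without --secret my_secret exits with a clear message instead of failing later.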
Before we start discussing...