Chapter 14: Advanced Docker Security – Secrets, Secret Commands, Tagging, and Labels
We've seen several examples so far of the need to use files that contain secrets. We can think of secrets as a generic term for the types of sensitive data that would typically be stored in config and ENV files, such as database access credentials or API tokens. Docker provides a handy method for securing this type of data and sharing it. For legacy systems using swarm mode instead of Kubernetes, having an understanding of how to apply security to these environments is important, as you may have to retroactively fix environments in your career.
Along with managing secret data, we can also use labels and tags to help ensure we are working with security in mind. You've seen tags already in the previous chapter and we will explore these further later in this chapter.
Additionally, we will explore how metadata labels can be used to provide extra information about a container and...