Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support more ways to control docker images other than environment variables #58

Closed
eladav opened this issue Jul 10, 2019 · 2 comments · Fixed by #79
Closed

Support more ways to control docker images other than environment variables #58

eladav opened this issue Jul 10, 2019 · 2 comments · Fixed by #79
Labels
enhancement New feature or request good first issue Good for newcomers

Comments

@eladav
Copy link
Contributor

eladav commented Jul 10, 2019

currently you control docker deployments with setting environment variables which is an easy solution but considered not secure. These environment variables contain connection strings and maybe other sensitive information. We should allow configuration via files and any other way that makes sense for running dynamico in a container.
@eladav eladav added enhancement New feature or request good first issue Good for newcomers labels Jul 10, 2019
@eladav eladav mentioned this issue Jul 11, 2019
Open
@mikeChatsky
Copy link
Contributor

How about offering the option to add docker configuration secrets stored in files as the docker docs suggest:
https://docs.docker.com/compose/compose-file/#secrets-configuration-reference - with compose.
https://docs.docker.com/engine/swarm/secrets/ - with docker secrets.

That way, both options (environment variables and secret files) can be available to choose from. Or perhaps the container can use secrets files alone in order to standardize security best-practices.

I wouldn't mind taking a shot at implementing it if this approach seems acceptable :)

@eladav
Copy link
Contributor Author

eladav commented Nov 24, 2019

Hey Mike, thanks for the response 😃
Sounds like a good approach, I think it would also make us more conformant with other tools in the ecosystem (e.g. k82 secret managers).... a PR would be very appreciated :)

mikeChatsky added a commit to mikeChatsky/dynamico that referenced this issue Nov 26, 2019
@mikeChatsky
feat(dockerfiles): add support to docker secrets for configs (OS-Guil…
a1c6d32 
…d#58)

* Add support to pass sensitive config fields through docker secrets in addition to env variables (for security reasons).
* Configurable docker secrets fields: (s3-registry) access-key-id and secret-access-key.
* Add SECRETS_FILE_PATH env variable to customize secrets location inside the container.
@mikeChatsky mikeChatsky mentioned this issue Nov 26, 2019
Merged
mikeChatsky added a commit to mikeChatsky/dynamico that referenced this issue Dec 4, 2019
@mikeChatsky
feat(dockerfiles): add support to docker secrets for configs (OS-Guil…
a28558a 
…d#58)

* Add support to pass sensitive config fields through docker secrets in addition to env variables (for security reasons).
* Configurable docker secrets fields: (s3-registry) access-key-id and secret-access-key, (redis-azure-blobs) container-sas and redis-config, (azure-blobs) container-sas.
* Add SECRETS_FILE_PATH, AZURE_SECRET_FILE_PATH and REDIS_SECRETS_FILE_PATH env variables to customize secrets location inside containers.
mikeChatsky added a commit to mikeChatsky/dynamico that referenced this issue Dec 4, 2019
@mikeChatsky
feat(dockerfiles): add support to docker secrets for configs (OS-Guil…
d3ab32d 
…d#58)

* Add support to pass sensitive config fields through docker secrets in addition to env variables (for security reasons).
* Configurable docker secrets fields: (s3-registry) access-key-id and secret-access-key, (redis-azure-blobs) container-sas and redis-config, (azure-blobs) container-sas.
* Add SECRETS_FILE_PATH, AZURE_SECRET_FILE_PATH and REDIS_SECRETS_FILE_PATH env variables to customize secrets location inside containers.
mikeChatsky added a commit to mikeChatsky/dynamico that referenced this issue Dec 9, 2019
@mikeChatsky
feat(dockerfiles): add support to docker secrets for configs (OS-Guil…
921480c 
…d#58)

* Add support to pass sensitive config fields through docker secrets in addition to env variables (for security reasons).
* Configurable docker secrets fields: (s3-registry) access-key-id and secret-access-key, (redis-azure-blobs) container-sas and redis-config, (azure-blobs) container-sas.
* Add SECRETS_FILE_PATH, AZURE_SECRET_FILE_PATH and REDIS_SECRETS_FILE_PATH env variables to customize secrets location inside containers.
eladav pushed a commit that referenced this issue Dec 15, 2019
@mikeChatsky @eladav
feat(dockerfiles): add support to docker secrets for configs (#58) (#79)
d1d8c40 
* Add support to pass sensitive config fields through docker secrets in addition to env variables (for security reasons).
* Configurable docker secrets fields: (s3-registry) access-key-id and secret-access-key, (redis-azure-blobs) container-sas and redis-config, (azure-blobs) container-sas.
* Add SECRETS_FILE_PATH, AZURE_SECRET_FILE_PATH and REDIS_SECRETS_FILE_PATH env variables to customize secrets location inside containers.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(dockerfiles): add support to docker secrets for configs (#58) mikeChatsky/dynamico
2 participants
@eladav @mikeChatsky