Provide a better way to pass the password to the container #111
Comments
I'm having the same concern. Unfortunately in researching it I think I have learned that this issue was formally identified in Docker itself back in May of last year and is still not a solved problem.
Allowing malicious users to run PostgreSQL supports GSSAPI and Kerberos authentication which can be used if you really need more complex access management.
I think it would be worthwhile to add a note to the documentation for
There are other applications besides Postgres that need credentials. Postgres is sort of a touchy subject from a Docker standpoint anyway. The combined awkwardness of the data volume solution, lazy initialization of the database which ensues, avoiding nuking your data, especially in dev and integration, race conditions caused by this with docker-compose and a handful of others that I'm forgetting... I ended up creating my own initialization scripts which I ran offline that would spool up just psql, initialize the database, create my users (read and read-write), change the default password and optionally import a database backup, which I run separately from my code-build-test and build-deploy-test cycles. (This was a godsend when it came time to test migration scripts.)
I think #225 should be helpful here.
TL;DR If you are using a swarm:
@phs example works without swarm too in
I don't like setting the password with an environment variable because environment variables can be viewed with 'docker inspect'. Can you provide a way to pass the password by mounting a file to the container and read the password from that file?
For example something like this:
$ cat secret
export POSTGRES_PASSWORD=mysecretpostgrespassword
$ sudo docker run -v $(pwd):/tmp --name some-postgres -d postgres
and then in docker-entrypoint.sh read/source the password from /tmp/secret.
Thank you
PS:
I tried to do something like this:
$ sudo docker run -v $(pwd):/tmp --entrypoint /bin/bash --name some-postgres -d postgres "source /tmp/secret >> docker-entrypoint.sh"
but this resulted in:
/bin/bash: source /tmp/secret >> docker-entrypoint.sh: No such file or directory
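
The file-based approach requested in this issue, as an added example that is not part of the original thread or the image's own entrypoint: a POSIX shell helper that an entrypoint could call to take the password from a mounted file, so the value is not set through the environment that 'docker inspect' shows. The function name `load_secret` and the `_FILE` suffix convention are assumptions of this sketch, and the demo file is constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper): resolve a credential from NAME or NAME_FILE.
# Usage in an entrypoint:  load_secret POSTGRES_PASSWORD || exit 1
load_secret() {
    name=$1
    # The name is passed to eval below, so accept plain identifiers only.
    case $name in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "load_secret: invalid variable name" >&2
            return 2 ;;
    esac
    eval "secret_val=\${$name:-}"
    eval "secret_file=\${${name}_FILE:-}"
    rc=0

    if [ -n "$secret_val" ] && [ -n "$secret_file" ]; then
        # Ambiguous configuration: refuse rather than silently pick one.
        echo "load_secret: $name and ${name}_FILE are both set" >&2
        rc=1
    elif [ -n "$secret_file" ]; then
        if [ -f "$secret_file" ] && [ -r "$secret_file" ]; then
            # $(...) drops the trailing newline most editors add to the file.
            secret_val=$(cat "$secret_file")
            export "$name=$secret_val"
            unset "${name}_FILE"
        else
            echo "load_secret: cannot read $secret_file" >&2
            rc=1
        fi
    fi
    # An empty result counts as a failure; never print the value itself.
    [ -n "$secret_val" ] || rc=1
    unset secret_val secret_file
    return $rc
}

# Constructed demo: a temp file stands in for the mounted secret file.
(
    unset POSTGRES_PASSWORD
    demo=$(mktemp) && printf 'mysecretpostgrespassword\n' > "$demo"
    POSTGRES_PASSWORD_FILE=$demo
    load_secret POSTGRES_PASSWORD && echo "loaded ${#POSTGRES_PASSWORD} characters"
    rm -f "$demo"
)
```

The variable is still exported into the entrypoint's own process environment; what changes is that the value no longer has to be passed through the container's configured environment.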