To doc: Add support for templated secrets and configs

[gbarr01]

References:
https://github.com/docker/docker-ce/blob/v18.03.0-ce-rc3/CHANGELOG.md
docker/cli#896
moby/moby#33702
moby/moby#36366
moby/swarmkit#2133

Possible doc locations:
https://docs.docker.com/engine/swarm/secrets/

[thaJeztah]

Wrote down a basic example here; moby/moby#37377 (comment)

[thaJeztah]

@ahh-docker PTAL

[ghost]

Closing this ticket due to its age, and the impending refactor. If you think this is in error, feel free to reopen. Thanks!

[jean-airoldie]

This blog offers decent documentation in the meantime.

[matthanley]

Closing this ticket due to its age, and the impending refactor. If you think this is in error, feel free to reopen. Thanks!

Does that mean usage of this feature will be changing? Any details of the referenced refactor?

[ev3rl0ng]

Hi, long time listener, first time caller. Sorry to revive an old thread, but I am trying to find more details around this very topic.

I was hoping to find out what the expected scope of the template would be in the case of a service or a stack deployment.

For example, could I:

• reference all replicas in a service with an array in a range style template from the golang Templates library?
• reference properties of another service in the same stack?

I understand that other platforms (terraform/ansible/puppet) could most likely provide what I'm looking for here, but there's a unique position that the config level templating provides here that those platforms would end up using or accomplishing via other means.

If I can get some initial pointers on where to start (new to this code base), I'd be more than happy to dig into it and generate the documentation around it if it is indeed possible.

Thanks for your time!

[dmitriy-shleht]

Hi, view templates {{secret "foo"}} work perfectly in normal configuration files, but if the configuration in the JSON format, it becomes an unhappy due to extra quotes. What to do in this case where to make a new issues?
If I scraps shield, then my secret does not work ({{secret \"user_setup_pass\"}})

{
  "ConnectionStrings": {
    "Oracle": "uid=CA;pwd={{secret "user_setup_pass"}};direct=true;"
  }
}

[dazinator]

Hit same issue as @dmitriy-shleht
Trying to template a json config file. Trying to use a secret but I need to json escape the secret value as it contains a \.
The blog post is great but it doesn't cover:-

• What functions are mapped within the template environment, and how to use them?
  For example, their might already be a json escaping function available as I have seen this function mapped in other go templates poking around the source code (e.g: https://github.com/moby/moby/blob/7b9275c0da707b030e62c96b679a976f31f929d3/daemon/logger/templates/templates.go#L12)

[dazinator]

So I tried to use a json function as I thought might be available for usage, based on some seemingly irrelevent code for another template which does support this function found here: https://github.com/moby/moby/blob/7b9275c0da707b030e62c96b679a976f31f929d3/daemon/logger/templates/templates.go#L12)

My template config.json

{
"BasicAuth": {
        "Username": "my-user",
        "Password": "{{ secret "super-secret" | json }}"
      }
 }

but:

starting container failed: unable to get config from config store: failed to expand templated config 0lolhuba7n8im2cj0xfef60qw: template: expansion:224: function "json" not defined

So it looks like its not possible to safely use secrets in templates of json files at the moment, but perhaps someone can clarify.

In the meantime, I will instead add support to my application for utilising secrets mounted into /run/secrets as files, which kind of removes some value from this feature (some, not all)