To doc: Add support for templated secrets and configs #6207

Open
gbarr01 opened this issue Mar 12, 2018 · 9 comments
gbarr01 (Contributor) commented Mar 12, 2018

References:
https://github.com/docker/docker-ce/blob/v18.03.0-ce-rc3/CHANGELOG.md
docker/cli#896
moby/moby#33702
moby/moby#36366
moby/swarmkit#2133

Possible doc locations:
https://docs.docker.com/engine/swarm/secrets/

gbarr01 added this to the engine/18.03 milestone Mar 12, 2018
joaofnfernandes added the area/Engine label Mar 16, 2018

thaJeztah (Member) commented Jul 2, 2018

Wrote down a basic example here; moby/moby#37377 (comment)

thaJeztah (Member) commented Oct 30, 2018

ghost commented Jan 2, 2019

Closing this ticket due to its age, and the impending refactor. If you think this is in error, feel free to reopen. Thanks!

ghost closed this as completed Jan 2, 2019

jean-airoldie commented Jun 18, 2019

This blog offers decent documentation in the meantime.

matthanley commented Jun 24, 2019

> Closing this ticket due to its age, and the impending refactor. If you think this is in error, feel free to reopen. Thanks!

Does that mean usage of this feature will be changing? Any details of the referenced refactor?

paigehargrave reopened this Jun 25, 2019
ivanovart pushed a commit to ivanovart/docker-py that referenced this issue Jan 20, 2020
ivanovart pushed a commit to ivanovart/docker-py that referenced this issue Mar 9, 2020

ev3rl0ng commented Dec 29, 2020

Hi, long time listener, first time caller. Sorry to revive an old thread, but I am trying to find more details around this very topic.

I was hoping to find out what the expected scope of the template would be in the case of a service or a stack deployment.

For example, could I:

  • reference all replicas in a service with an array in a range style template from the golang Templates library?
  • reference properties of another service in the same stack?

I understand that other platforms (terraform/ansible/puppet) could most likely provide what I'm looking for here, but there's a unique position that the config level templating provides here that those platforms would end up using or accomplishing via other means.

If I can get some initial pointers on where to start (new to this code base), I'd be more than happy to dig into it and generate the documentation around it if it is indeed possible.

Thanks for your time!

dmitriy-shleht commented Apr 29, 2021

Hi, templates of the form {{secret "foo"}} work perfectly in normal configuration files, but if the configuration is in JSON format, it becomes unhappy due to the extra quotes. What should I do in this case, and where should I open a new issue?
If I escape the quotes, then my secret does not work ({{secret \"user_setup_pass\"}})

```
{
  "ConnectionStrings": {
    "Oracle": "uid=CA;pwd={{secret "user_setup_pass"}};direct=true;"
  }
}
```

dazinator commented Jan 21, 2022

Hit same issue as @dmitriy-shleht
Trying to template a json config file. Trying to use a secret but I need to json escape the secret value as it contains a \.
The blog post is great but it doesn't cover:-

dazinator commented Jan 21, 2022

So I tried to use a json function as I thought might be available for usage, based on some seemingly irrelevant code for another template which does support this function found here: https://github.com/moby/moby/blob/7b9275c0da707b030e62c96b679a976f31f929d3/daemon/logger/templates/templates.go#L12

My template config.json

```
{
  "BasicAuth": {
    "Username": "my-user",
    "Password": "{{ secret "super-secret" | json }}"
  }
}
```

but:

```
starting container failed: unable to get config from config store: failed to expand templated config 0lolhuba7n8im2cj0xfef60qw: template: expansion:224: function "json" not defined
```

So it looks like it's not possible to safely use secrets in templates of json files at the moment, but perhaps someone can clarify.

In the meantime, I will instead add support to my application for utilising secrets mounted into /run/secrets as files, which kind of removes some value from this feature (some, not all)
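The JSON problem raised in the last three comments, reproduced with Go's `text/template` as an added example (not code from this thread or from Docker): a secret substituted verbatim into a JSON string breaks the document when it contains `\` or `"`, an undefined `json` function fails at parse time, and encoding in the application avoids both. The `secret` function here is a local stand-in, the secret value is constructed, `buildConfig` is a hypothetical helper, and the backtick quoting is a `text/template` feature that the thread does not confirm for Docker's own expansion.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// Constructed secret value containing characters that are special inside a JSON string.
const sampleSecret = `p\w"d`

// expand renders tmpl with a local stand-in for the swarm `secret` function
// (an assumption for illustration; it is not Docker's implementation).
func expand(tmpl string, secrets map[string]string) (string, error) {
	funcs := template.FuncMap{"secret": func(name string) (string, error) {
		v, ok := secrets[name]
		if !ok {
			return "", fmt.Errorf("secret %q not found", name)
		}
		return v, nil
	}}
	t, err := template.New("expansion").Funcs(funcs).Parse(tmpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, nil)
	return buf.String(), err
}

// rawTemplate mirrors the config.json template from the thread; raw-string
// (backtick) quoting keeps the file itself free of nested double quotes.
const rawTemplate = "{\"BasicAuth\": {\"Password\": \"{{ secret `super-secret` }}\"}}"

// buildConfig is the workaround side: the application reads the secret itself
// (e.g. from a file under /run/secrets) and lets encoding/json do the escaping.
func buildConfig(password string) ([]byte, error) {
	cfg := map[string]map[string]string{"BasicAuth": {"Username": "my-user", "Password": password}}
	return json.Marshal(cfg)
}

func main() {
	out, err := expand(rawTemplate, map[string]string{"super-secret": sampleSecret})
	fmt.Println("expanded:", out, "err:", err, "valid JSON:", json.Valid([]byte(out)))
	safe, _ := buildConfig(sampleSecret)
	fmt.Println("encoded: ", string(safe), "valid JSON:", json.Valid(safe))
}
```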
