Create docker secret and deploy a service

#Introduction

This tutorial shows how to create a Docker secret and deploy a service that uses it. Docker secrets store things like passwords and certificates encrypted in the swarm and deliver them only to the services and containers that are granted access.

Requirements

How to create a secret

We’ll use printf and pipe its output to the docker command to create a secret called test_secret, as in the command below:

printf "My secret secret" | docker secret create test_secret -

Check the result with the command below:

docker secret ls

The output is as below:

vagrant@controller:~$ docker secret ls
ID                          NAME          DRIVER    CREATED          UPDATED
txrthzah1vnl4kyrh282j39ft   test_secret             24 seconds ago   24 seconds ago

Create a service that uses the secret

To deploy a service that uses the test_secret secret, the command looks something like this:

docker service create --name redis --secret test_secret redis:alpine

Verify the service is running with the command below:

docker service ps redis

The output is as below:

vagrant@controller:~$ docker service ps redis
ID             NAME      IMAGE          NODE         DESIRED STATE   CURRENT STATE            ERROR     PORTS
y6249s3xftxa   redis.1   redis:alpine   controller   Running         Running 33 seconds ago   

Verify the service has access to the secret as below:

docker container exec $(docker ps --filter name=redis -q) ls -l /run/secrets

The output is as below:

vagrant@controller:~$ docker container exec $(docker ps --filter name=redis -q) ls -l /run/secrets
total 4
-r--r--r--    1 root     root            16 May 30 13:50 test_secret

Finally, you can view the contents of the secret with the command:

docker container exec $(docker ps --filter name=redis -q) cat /run/secrets/test_secret

The output is as below:

My secret secret

If you commit the container, the secret is no longer available, because it is mounted into the running container rather than written to its filesystem:

docker commit $(docker ps --filter name=redis -q) committed_redis

Verify the secret is no longer available with the command below:

docker run --rm -it committed_redis cat /run/secrets/test_secret

You can then remove access to the secret with the command:

docker service update --secret-rm test_secret redis
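
As an added example (not part of the original tutorial): a small POSIX shell helper that a service entrypoint could use to read the mounted secret from /run/secrets and fail closed when the file is absent, as it is in the committed image or after --secret-rm. The function names, return codes and the SECRETS_DIR override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: entrypoint helpers for consuming a Docker secret.
# SECRETS_DIR is an assumed override for testing; Docker mounts secrets
# under /run/secrets, as shown by the ls -l output in this tutorial.
SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"

# read_secret NAME -> prints the secret value on stdout.
# Return codes (chosen for this example):
#   0 ok, 2 invalid name, 3 not mounted, 4 not a regular file, 5 empty.
read_secret() {
    secret_name="$1"
    # Reject empty names and anything that could escape the secrets directory.
    case "$secret_name" in
        ''|*/*|.|..) echo "read_secret: invalid name" >&2; return 2 ;;
    esac
    secret_path="$SECRETS_DIR/$secret_name"
    # Absent file: image run outside the service, or access was removed.
    if [ ! -e "$secret_path" ] && [ ! -L "$secret_path" ]; then
        echo "read_secret: $secret_name is not mounted" >&2
        return 3
    fi
    # The tutorial's listing shows a regular file; refuse symlinks and dirs.
    if [ -L "$secret_path" ] || [ ! -f "$secret_path" ]; then
        echo "read_secret: $secret_name is not a regular file" >&2
        return 4
    fi
    if [ ! -s "$secret_path" ]; then
        echo "read_secret: $secret_name is empty" >&2
        return 5
    fi
    cat "$secret_path"
}

# require_secrets NAME... -> 0 only if every named secret is readable.
# Never prints secret values. Intended use at the top of an entrypoint:
#   require_secrets test_secret || exit 1
require_secrets() {
    unusable=0
    for wanted in "$@"; do
        read_secret "$wanted" >/dev/null || unusable=$((unusable + 1))
    done
    [ "$unusable" -eq 0 ]
}
```
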

Conclusion

You have created a Docker secret and deployed a service that uses it. I hope you find this helpful. Thank you for reading the DevopsRoles page!

About HuuPV

My name is Huu. I love technology, especially DevOps skills such as Docker, Vagrant, Git, and so forth. I like open source, so I created the DevopsRoles.com site to share the knowledge that I have learned. My job: IT system administrator. Hobbies: Summoners War game, gossip.