Secrets and configs

Managing secrets and configs with Swarmlet

Variables configured during installation will be stored in Docker configs and secrets. This enables usage of secret values in swarm services. Include secrets and/or configs in the project docker-compose.yml file to access them in your services. Secrets can be used by swarm services only.

File paths
  • Configs are mounted at /config-name in the service container.
  • Secrets are mounted at /run/secrets/secret-name.

Secrets and configs

./docker-compose.yml
version: "3.7"
services:
my-service:
image: alpine
command:
- /bin/sh
- -c
- |
echo "Contents of swarmlet-core-config"
cat /swarmlet-core-config
echo "Contents of swarmlet-user-config"
cat /swarmlet-user-config
echo "Contents of swarmlet-user-secrets"
cat /run/secrets/swarmlet-user-secrets
configs:
- swarmlet-core-config
- swarmlet-user-config
secrets:
- swarmlet-user-secrets
deploy:
mode: replicated
replicas: 1
configs:
swarmlet-core-config:
external: true
swarmlet-user-config:
external: true
secrets:
swarmlet-user-secrets:
external: true

Creating secrets

Log into a manager node and use docker secret create to create a new config.

echo "the secret value" > $HOME/the-secret.txt
docker secret create my-secret $HOME/the-secret.txt
THE_SECRET="a secret value"
echo $THE_SECRET | docker secret create my-secret -

Example compose file:

./docker-compose.yml
version: "3.7"
services:
my-service:
image: alpine
command: sh -c 'cat /run/secrets/my-secret'
secrets:
- my-secret
deploy:
mode: replicated
replicas: 1
secrets:
my-secret:
external: true

Creating configs

Log into a manager node and use docker config create to create a new config.

echo "the config" > $HOME/the-config.txt
docker config create my-config $HOME/the-config.txt
THE_CONFIG="a config"
echo $THE_CONFIG | docker config create my-config -

Example compose file:

./docker-compose.yml
version: "3.7"
services:
my-service:
image: alpine
command: sh -c 'cat /my-config'
configs:
- my-config
deploy:
mode: replicated
replicas: 1
configs:
my-config:
external: true