How to use docker secrets without a swarm cluster?

Solution 1:

Yes, you can use secrets if you use a compose file. (You don't need to run a swarm.)

You use a compose file with docker-compose: there is documentation for "secrets" in a docker-compose.yml file.

I switched to docker-compose because I wanted to use secrets. I am happy I did; it seems much cleaner. Each service maps to a container. And if you ever want to switch to running a swarm instead, you are basically already there.

Note: Secrets are not loaded into the container's environment, they are mounted to /run/secrets/

Here is an example:

1) Project Structure:

|
|---    docker-compose.yml
|---    super_duper_secret.txt

2) docker-compose.yml contents:

version: "3.6"

services:

  my_service:
    image: centos:7
    entrypoint: "cat /run/secrets/my_secret"
    secrets:
      - my_secret

secrets:
  my_secret:
    file: ./super_duper_secret.txt

3) super_duper_secret.txt contents:

Whatever you want to write for a secret really.

4) Run this command from the project's root to see that the container does have access to your secret (Docker must be running and docker-compose installed):

docker-compose up --build my_service

You should see your container output your secret.
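Because the secret arrives as a file under /run/secrets/ rather than as an environment variable, the container's entrypoint has to read it from there. The helper below is an added example, not part of the original answer: read_secret, require_secrets and the SECRETS_DIR override are hypothetical names, and the temporary directory and its value are constructed so the script also runs outside a container.

```shell
#!/bin/sh
# Added example, not from the original answer.
# SECRETS_DIR is overridable only so the demo runs outside a container;
# Compose mounts secrets under /run/secrets.
SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"

# read_secret NAME: print the secret's value; return non-zero if unusable.
read_secret() {
    case "$1" in
        ''|.*|*/*)   # reject empty names, dotfiles and path traversal
            echo "read_secret: invalid secret name" >&2; return 2 ;;
    esac
    _rs_path="$SECRETS_DIR/$1"
    if [ ! -f "$_rs_path" ] || [ ! -r "$_rs_path" ]; then
        echo "read_secret: $_rs_path is not mounted or not readable" >&2
        return 1
    fi
    # $(...) drops the trailing newline that editors append to the file.
    _rs_value=$(cat "$_rs_path")
    if [ -z "$_rs_value" ]; then
        echo "read_secret: $_rs_path is empty" >&2
        return 1
    fi
    printf '%s' "$_rs_value"
}

# require_secrets NAME...: fail fast before the app starts if any is missing.
require_secrets() {
    _rq_missing=0
    for _rq_name in "$@"; do
        read_secret "$_rq_name" >/dev/null || _rq_missing=1
    done
    return "$_rq_missing"
}

# Constructed demo: a temporary directory stands in for /run/secrets.
demo() {
    SECRETS_DIR=$(mktemp -d) || return 1
    printf 'constructed-demo-value\n' > "$SECRETS_DIR/my_secret"
    require_secrets my_secret || return 1
    # Report only the length so the value itself never reaches the logs.
    _demo_value=$(read_secret my_secret) || return 1
    echo "my_secret loaded (${#_demo_value} characters)"
    rm -rf "$SECRETS_DIR"
    SECRETS_DIR=/run/secrets
}
demo
```

In a real entrypoint, call require_secrets with the names listed under the service's secrets: key before starting the application, so a missing mount stops the container at startup.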

Solution 2:

You can't... It does not support secrets without Swarm. Unless, maybe, you "Swarm" using only one node.

The other solution would be, I think, to use third-party vault software like this one:

https://www.vaultproject.io/

But then, to use the secrets in your containers from Vault, you would need to read the doc.

Hope this brings you onto the right path to start.