docker

bzmariano 2023-10-18T18:56:36.300109Z

Hello clojurians, could someone help me with the following build step? I'm trying to build an app that uses an external secrets.edn file outside of the project. This file contains sensitive information such as credentials, and I don't want it to be within the Docker image. The app will retrieve this information from env HOME/secrets.edn, so I would like this container HOME to be connected to the host's $HOME. The question is, how could I establish this connection with a Dockerfile or Docker Compose? Or maybe there is a better way to protect sensitive info while keeping it accessible for the running container.

lispyclouds 2023-10-18T19:06:56.492889Z

you could try mounting the file as a volume when running the container: docker run -v $HOME/host/path/secrets.edn:/root/secrets.edn your-image

lispyclouds 2023-10-18T19:07:13.332259Z

assuming you are running using docker and the root user

lispyclouds 2023-10-18T19:08:55.387419Z

or via https://docs.docker.com/compose/compose-file/07-volumes/ in compose

☝️ 1
Kirill Chernyshov 2023-10-18T19:31:06.856709Z

another way is to convert this file to something that can represent the set of environment variables and make it available via build vars. but that depends on the content of the file

bzmariano 2023-10-18T19:41:48.553549Z

thanks both, I read before that private keys and such are not recommended to be accessible via os env vars, but not sure why. The truth is that I don't have much exp in this area.

Kirill Chernyshov 2023-10-18T19:43:36.794439Z

I actually prefer to keep secrets in env as the most secure way - https://12factor.net/

👍 2
practicalli-johnny 2023-10-18T20:05:20.624759Z

I wouldn't consider a text file as secure unless the file can be encrypted. Even then I would still recommend using environmental variables, especially where they are managed by the CI and whatever service is managing deployment of containers

👍 1