This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2023-10-18
Channels
- # announcements (12)
- # babashka (6)
- # beginners (62)
- # calva (3)
- # cider (41)
- # clerk (5)
- # clojure (192)
- # clojure-bay-area (1)
- # clojure-europe (14)
- # clojure-norway (97)
- # clojure-uk (6)
- # clojuredesign-podcast (4)
- # clojurescript (30)
- # code-reviews (7)
- # cursive (32)
- # datahike (4)
- # datomic (35)
- # docker (8)
- # emacs (8)
- # events (1)
- # fulcro (13)
- # helix (19)
- # hoplon (4)
- # hyperfiddle (37)
- # jobs-discuss (10)
- # membrane (11)
- # missionary (19)
- # off-topic (28)
- # polylith (8)
- # portal (10)
- # practicalli (8)
- # re-frame (31)
- # reitit (6)
- # shadow-cljs (39)
- # timbre (3)
- # vim (1)
- # xtdb (6)
Hello clojurians, could someone help me with the following build step? I'm trying to build an app that uses an external secrets.edn file outside of the project. This file contains sensitive information such as credentials, and I don't want it to be within the Docker image. The app will retrieve this information from env HOME/secrets.edn, so I would like this container HOME to be connected to the host's $HOME. The question is, how could I establish this connection with a Dockerfile or Docker Compose? Or maybe there is better way to protect sensistive info while keeping it accessible for the running container.
you could try mounting the file as a volume when running the container: docker run -v $HOME/host/path/secrets.edn:/root/secrets.edn your-image
assuming you are running using docker and the root user
another way is to convert this file to something that can represent the set of environment variables and make it available via build vars. but that depends on the content of the file
thanks both, I read before that private keys and such are not recommended to be accessible via os env vars, but not sure why. The truth is that I dont have much exp in this area.
I actually prefer to keep secrets in env as the most secure way - https://12factor.net/
I wouldn't consider a text file as secure unless the file can be encrypted. Even then I would still recommend using environmental variables, especially where they are managed by the CI and whatever service is managing deployment of containers