Shulou(Shulou.com)06/01 Report--

This article introduces you what are the use scenarios of Secret, the content is very detailed, interested friends can refer to, hope to be helpful to you.

We can use secret to manage any sensitive data. This sensitive data is needed by the container at run time, and we don't want to save the data to the mirror.

Secret can be used to manage:

User name and password.

TLS certificate.

SSH key.

Other data less than 500 KB.

Secret can only be used in swarm service. If a normal container wants to use secret, it can be packaged as a service with 1 copies.

Here we give another typical scenario of using secret.

The data center has three swarm environments for development, testing, and production. For the same application, use different usernames and passwords in different environments. We can create secret in each of the three environments, but with the same name, such as username and password. You only need to specify the secret name when deploying the application, so we can deploy the application in different environments with the same set of scripts.

In addition to sensitive data, secret can also be used for non-sensitive data, such as configuration files. However, the current new version of Docker provides config subcommands to manage data that does not need to be encrypted. The config command is used in exactly the same way as the secret command.

Security of Secret

When a secret is created in swarm, Docker sends the encrypted secret to all manager nodes over a TLS connection.

After the creation of secret, even swarm manager cannot view the plaintext data of secret, but can only view the general information of secret through docker secret inspect.

Only when secret is used by the specified service will Docker mount the decrypted secret into the container as a file. The default path is / run/secrets/. For example, in the previous example of MySQL, we can look at the secret in the container.

When the container stops running, Docker unmount secret and clears it from the node.

What about the use of Secret scenarios to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.