Docker Compose: A Mini Orchestration Tool for Local Development
Docker Compose Secrets
In one of the previous examples, we used environment variables to define the database configuration. This is not the best way to do it. The problem with this approach is that the environment variables are stored in plain text in the docker-compose.yml file.
Here is what we had before:
services:
db:
image: mysql:9.6.0
[...]
environment:
MYSQL_ROOT_PASSWORD: mypassword
MYSQL_DATABASE: wordpress
MYSQL_USER: user
MYSQL_PASSWORD: mypassword
wordpress:
image: wordpress:6.9.0-apache
[...]
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: user
WORDPRESS_DB_PASSWORD: mypassword
[...]
For environment variables that contain sensitive data such as passwords, it's better to use Docker Secrets. Docker Secrets is a way to securely store and manage sensitive data, such as passwords, API keys, and certificates. Here is the new example that you can follow to use Docker Secrets with Docker Compose:
# Create a new directory for the project
mkdir -p $HOME/wordpress-secrets && cd $HOME/wordpress-secrets
# Create a new docker-compose.yml file
cat << EOF > docker-compose.yml
services:
db:
image: mysql:9.6.0
volumes:
- db_data:/var/lib/mysql
restart: always
secrets:
- db_root_password
- db_user
- db_password
environment:
MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
MYSQL_DATABASE: wordpress
MYSQL_USER_FILE: /run/secrets/db_user
MYSQL_PASSWORD_FILE: /run/secrets/db_password
wordpress:
depends_on:
- db
image: wordpress:6.9.0-apache
ports:
- "8000:80"
restart: always
secrets:
- db_user
-Painless Docker - 2nd Edition
A Comprehensive Guide to Mastering Docker and its EcosystemEnroll now to unlock all content and receive all future updates for free.
Hurry! This limited time offer ends in:
To redeem this offer, copy the coupon code below and apply it at checkout: