Using Docker secrets #44
Conversation
add docker secrets to protect sensitive information like passwords and private keys in .env file
adding directory of docker secrets instead of password
add docker secrets functions
add secrets section to da-node
| @@ -8,6 +8,18 @@ | |||
| # which causes the password to be incorrect. | |||
| # To test that try running `docker run --rm --env-file .env busybox /bin/sh -c 'echo $NODE_ECDSA_KEY_PASSWORD'` | |||
| # This will output password with single quote. Not sure why this happens. | |||
| # Function to read Docker secrets | |||
| read_secret() { | |||
There was a problem hiding this comment.
It's used to read the content of Docker secrets (ecdsa_key_password and bls_key_password) and pass them to the Docker containers securely.
--volume "ecdsa_key_password:/run/secrets/ecdsa_key_password:ro"
--volume "bls_key_password:/run/secrets/bls_key_password:ro"
These lines in the docker run command mount the Docker secrets into the appropriate paths within the containers. The "read_secret()" function ensures that the contents of these secrets are correctly provided when the script is executed.
There was a problem hiding this comment.
ok thanks. I will test this and update. thanks for the PR. appreciate it.
There was a problem hiding this comment.
ok thanks. I will test this and update. thanks for the PR. appreciate it.
hey, Is it passed the test?
Docker provides Docker Secrets for managing sensitive information securely. Secrets can be used to pass sensitive data directly to services without exposing them in plain text. so using docker secrets provide more security compared to storing them directly in environment files (e.g., .env files)