Protect Sensitive Data in Docker

By  on  
Docker

Developing authentication code for open source repositories can be a scary task; you're scared that hackers can find loopholes in your code but you're also petrified of accidentally committing sensitive credentials to a public repository.  I've seen unintentional credential commits happen and the panic that ensues throughout an organization will make your eyes water.

The standard for providing sensitive credentials in a production environment is using environment variables.  Docker, via docker-compose and docker-compose.yml, easily allows developers to introduce environment variables and values, but you don't want to commit those to a repo, so the answer is creating a docker-compose.override.yml file on your local machine which contains the sensitive information:

version: '2'
services:
  myservice:
    environment:
      - KEY=Value
      - CLIENT_ID=ljlxjlkfj3298749sd98xzuv9z8x
      - CLIENT_SECRET=32xlkjwe9sd9x8jx9we8sd9sdad
      - SITE_DOMAIN=davidwalsh.local

The information in docker-compose.override.yml is added to (or overrides) the directives in docker-compose.yml.  Since git and mercurial will allow you to commit docker-compose.override.yml files, the other important step is adding your docker-compose.override.yml file to your .gitignore or .hgignore file, preventing the file from being seen from the two version control tools.

docker-compose.override.yml

Using docker-compose.override.yml and .gitignore is a simple idea but it's important to implement this technique as soon as possible.  Security is of the utmost importance, especially when your repository is public, and casually adding sensitive API data while developing will lead to problems.

Recent Features

  • By
    Animated 3D Flipping Menu with CSS

    CSS animations aren't just for basic fades or sliding elements anymore -- CSS animations are capable of much more.  I've showed you how you can create an exploding logo (applied with JavaScript, but all animation is CSS), an animated Photo Stack, a sweet...

  • By
    LightFace:  Facebook Lightbox for MooTools

    One of the web components I've always loved has been Facebook's modal dialog.  This "lightbox" isn't like others:  no dark overlay, no obnoxious animating to size, and it doesn't try to do "too much."  With Facebook's dialog in mind, I've created LightFace:  a Facebook lightbox...

Incredible Demos

  • By
    Form Element AJAX Spinner Attachment Using MooTools

    Many times you'll see a form dynamically change available values based on the value of a form field. For example, a "State" field will change based on which Country a user selects. What annoys me about these forms is that they'll often do an...

  • By
    Create a Simple Dojo Accordion

    Let's be honest:  even though we all giggle about how cheap of a thrill JavaScript accordions have become on the web, they remain an effective, useful widget.  Lots of content, small amount of space.  Dojo's Dijit library provides an incredibly simply method by which you can...

Discussion

  1. Hey, good trick. Another way of doing it is by using a .env file, supported since Docker Compose 1.7.0:

    https://docs.docker.com/compose/environment-variables/

    The use of .env files is quite widespread so should be familiar to a lot of people.

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!