Protect Sensitive Data in Docker

By  on  
Docker

Developing authentication code for open source repositories can be a scary task; you're scared that hackers can find loopholes in your code but you're also petrified of accidentally committing sensitive credentials to a public repository.  I've seen unintentional credential commits happen and the panic that ensues throughout an organization will make your eyes water.

The standard for providing sensitive credentials in a production environment is using environment variables.  Docker, via docker-compose and docker-compose.yml, easily allows developers to introduce environment variables and values, but you don't want to commit those to a repo, so the answer is creating a docker-compose.override.yml file on your local machine which contains the sensitive information:

version: '2'
services:
  myservice:
    environment:
      - KEY=Value
      - CLIENT_ID=ljlxjlkfj3298749sd98xzuv9z8x
      - CLIENT_SECRET=32xlkjwe9sd9x8jx9we8sd9sdad
      - SITE_DOMAIN=davidwalsh.local

The information in docker-compose.override.yml is added to (or overrides) the directives in docker-compose.yml.  Since git and mercurial will allow you to commit docker-compose.override.yml files, the other important step is adding your docker-compose.override.yml file to your .gitignore or .hgignore file, preventing the file from being seen from the two version control tools.

docker-compose.override.yml

Using docker-compose.override.yml and .gitignore is a simple idea but it's important to implement this technique as soon as possible.  Security is of the utmost importance, especially when your repository is public, and casually adding sensitive API data while developing will lead to problems.

Recent Features

  • By
    Chris Coyier’s Favorite CodePen Demos

    David asked me if I'd be up for a guest post picking out some of my favorite Pens from CodePen. A daunting task! There are so many! I managed to pick a few though that have blown me away over the past few months. If you...

  • By
    CSS Gradients

    With CSS border-radius, I showed you how CSS can bridge the gap between design and development by adding rounded corners to elements.  CSS gradients are another step in that direction.  Now that CSS gradients are supported in Internet Explorer 8+, Firefox, Safari, and Chrome...

Incredible Demos

  • By
    MooTools Equal Heights Plugin:  Equalizer

    Keeping equal heights between elements within the same container can be hugely important for the sake of a pretty page. Unfortunately sometimes keeping columns the same height can't be done with CSS -- you need a little help from your JavaScript friends. Well...now you're...

  • By
    NSFW Blocker Using MooTools and CSS

    One of my guilty pleasures is scoping out the latest celebrity gossip from PerezHilton.com, DListed.com, and JoBlo.com. Unfortunately, these sites occasionally post NSFW pictures which makes checking these sites on lunch a huge gamble -- a trip to HR's office could be just a click away. Since...

Discussion

  1. Hey, good trick. Another way of doing it is by using a .env file, supported since Docker Compose 1.7.0:

    https://docs.docker.com/compose/environment-variables/

    The use of .env files is quite widespread so should be familiar to a lot of people.

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!