Protect Sensitive Data in Docker

By  on  
Docker

Developing authentication code for open source repositories can be a scary task; you're scared that hackers can find loopholes in your code but you're also petrified of accidentally committing sensitive credentials to a public repository.  I've seen unintentional credential commits happen and the panic that ensues throughout an organization will make your eyes water.

The standard for providing sensitive credentials in a production environment is using environment variables.  Docker, via docker-compose and docker-compose.yml, easily allows developers to introduce environment variables and values, but you don't want to commit those to a repo, so the answer is creating a docker-compose.override.yml file on your local machine which contains the sensitive information:

version: '2'
services:
  myservice:
    environment:
      - KEY=Value
      - CLIENT_ID=ljlxjlkfj3298749sd98xzuv9z8x
      - CLIENT_SECRET=32xlkjwe9sd9x8jx9we8sd9sdad
      - SITE_DOMAIN=davidwalsh.local

The information in docker-compose.override.yml is added to (or overrides) the directives in docker-compose.yml.  Since git and mercurial will allow you to commit docker-compose.override.yml files, the other important step is adding your docker-compose.override.yml file to your .gitignore or .hgignore file, preventing the file from being seen from the two version control tools.

docker-compose.override.yml

Using docker-compose.override.yml and .gitignore is a simple idea but it's important to implement this technique as soon as possible.  Security is of the utmost importance, especially when your repository is public, and casually adding sensitive API data while developing will lead to problems.

Recent Features

Incredible Demos

  • By
    MooTools Clipboard Plugin

    The ability to place content into a user's clipboard can be extremely convenient for the user. Instead of clicking and dragging down what could be a lengthy document, the user can copy the contents of a specific area by a single click of a mouse.

  • By
    Fixing sIFR Printing with CSS and MooTools

    While I'm not a huge sIFR advocate I can understand its allure. A customer recently asked us to implement sIFR on their website but I ran into a problem: the sIFR headings wouldn't print because they were Flash objects. Here's how to fix...

Discussion

  1. Hey, good trick. Another way of doing it is by using a .env file, supported since Docker Compose 1.7.0:

    https://docs.docker.com/compose/environment-variables/

    The use of .env files is quite widespread so should be familiar to a lot of people.

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!