Protect Sensitive Data in Docker

By  on  
Docker

Developing authentication code for open source repositories can be a scary task; you're scared that hackers can find loopholes in your code but you're also petrified of accidentally committing sensitive credentials to a public repository.  I've seen unintentional credential commits happen and the panic that ensues throughout an organization will make your eyes water.

The standard for providing sensitive credentials in a production environment is using environment variables.  Docker, via docker-compose and docker-compose.yml, easily allows developers to introduce environment variables and values, but you don't want to commit those to a repo, so the answer is creating a docker-compose.override.yml file on your local machine which contains the sensitive information:

version: '2'
services:
  myservice:
    environment:
      - KEY=Value
      - CLIENT_ID=ljlxjlkfj3298749sd98xzuv9z8x
      - CLIENT_SECRET=32xlkjwe9sd9x8jx9we8sd9sdad
      - SITE_DOMAIN=davidwalsh.local

The information in docker-compose.override.yml is added to (or overrides) the directives in docker-compose.yml.  Since git and mercurial will allow you to commit docker-compose.override.yml files, the other important step is adding your docker-compose.override.yml file to your .gitignore or .hgignore file, preventing the file from being seen from the two version control tools.

docker-compose.override.yml

Using docker-compose.override.yml and .gitignore is a simple idea but it's important to implement this technique as soon as possible.  Security is of the utmost importance, especially when your repository is public, and casually adding sensitive API data while developing will lead to problems.

Recent Features

  • By
    Send Text Messages with PHP

    Kids these days, I tell ya.  All they care about is the technology.  The video games.  The bottled water.  Oh, and the texting, always the texting.  Back in my day, all we had was...OK, I had all of these things too.  But I still don't get...

  • By
    5 More HTML5 APIs You Didn’t Know Existed

    The HTML5 revolution has provided us some awesome JavaScript and HTML APIs.  Some are APIs we knew we've needed for years, others are cutting edge mobile and desktop helpers.  Regardless of API strength or purpose, anything to help us better do our job is a...

Incredible Demos

  • By
    MooTools CountDown Plugin

    There are numerous websites around the internet, RapidShare for example, that make you wait an allotted amount of time before presenting you with your reward. Using MooTools, I've created a CountDown plugin that allows you to easily implement a similar system. The MooTools JavaScript The CountDown class...

  • By
    Create a CSS Cube

    CSS cubes really showcase what CSS has become over the years, evolving from simple color and dimension directives to a language capable of creating deep, creative visuals.  Add animation and you've got something really neat.  Unfortunately each CSS cube tutorial I've read is a bit...

Discussion

  1. Hey, good trick. Another way of doing it is by using a .env file, supported since Docker Compose 1.7.0:

    https://docs.docker.com/compose/environment-variables/

    The use of .env files is quite widespread so should be familiar to a lot of people.

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!