Protect Sensitive Data in Docker

By  on  
Docker

Developing authentication code for open source repositories can be a scary task; you're scared that hackers can find loopholes in your code but you're also petrified of accidentally committing sensitive credentials to a public repository.  I've seen unintentional credential commits happen and the panic that ensues throughout an organization will make your eyes water.

The standard for providing sensitive credentials in a production environment is using environment variables.  Docker, via docker-compose and docker-compose.yml, easily allows developers to introduce environment variables and values, but you don't want to commit those to a repo, so the answer is creating a docker-compose.override.yml file on your local machine which contains the sensitive information:

version: '2'
services:
  myservice:
    environment:
      - KEY=Value
      - CLIENT_ID=ljlxjlkfj3298749sd98xzuv9z8x
      - CLIENT_SECRET=32xlkjwe9sd9x8jx9we8sd9sdad
      - SITE_DOMAIN=davidwalsh.local

The information in docker-compose.override.yml is added to (or overrides) the directives in docker-compose.yml.  Since git and mercurial will allow you to commit docker-compose.override.yml files, the other important step is adding your docker-compose.override.yml file to your .gitignore or .hgignore file, preventing the file from being seen from the two version control tools.

docker-compose.override.yml

Using docker-compose.override.yml and .gitignore is a simple idea but it's important to implement this technique as soon as possible.  Security is of the utmost importance, especially when your repository is public, and casually adding sensitive API data while developing will lead to problems.

Recent Features

  • By
    Page Visibility API

    One event that's always been lacking within the document is a signal for when the user is looking at a given tab, or another tab. When does the user switch off our site to look at something else? When do they come back?

  • By
    Vibration API

    Many of the new APIs provided to us by browser vendors are more targeted toward the mobile user than the desktop user.  One of those simple APIs the Vibration API.  The Vibration API allows developers to direct the device, using JavaScript, to vibrate in...

Incredible Demos

Discussion

  1. Hey, good trick. Another way of doing it is by using a .env file, supported since Docker Compose 1.7.0:

    https://docs.docker.com/compose/environment-variables/

    The use of .env files is quite widespread so should be familiar to a lot of people.

Wrap your code in <pre class="{language}"></pre> tags, link to a GitHub gist, JSFiddle fiddle, or CodePen pen to embed!