Keep secrets safe

Hello, we are going to run application at Pantaris app runtime which should communicate with another services. For that we have to secure store secrets for service accounts.
Has anyone faced and solved such problem?

I see here 2 approaches:

  • Store credentials at external secure storage (e.g. Azure KeyVault) but anyway we have to store principal to access that storage
  • Store credentials directly into sourcecode / dockerfile

Hi, the feature-request to securely store secrets is already in our backlog. Workaround until implementation is approach 2 (not secure obviously).

1 Like

I’ve tried to use next approach (How to use secrets in Docker Compose | Docker Documentation) but it doesn’t work at runtime. Files at /run/secrets/… aren’t created. Is it expected?

Yes, that’s expected as it’s not supported. Find more about what is supported in the container config documentation.