docker secret with spring boot application is not working in docker swarm mode /run/secrets

I'm trying to set the environment variables for the DB password for the MySQL container and the spring boot application, which is commonly declared in the docker secrets.

echo "db_secured_password" | docker secret create secret -

Here are the configuration files:

spring boot application's -> application.yml

db:
  name: my-db
  host: localhost
  port: 3306
  username: root
  password: /run/secrets/db-root-password
spring:
  application:
    name: core-backend
  datasource:
    url: jdbc:mysql://${db.host}:${db.port}/${db.name}
    username: ${db.username}
    password: ${db.password}

used for docker stack in docker swarm mode -> docker-compose.yml

version: '3.1'

services: 

  mysql-db:
    container_name: mysql-db
    image: mysql:8.0.12
    deploy:
      restart_policy:
        condition: on-failure
    volumes:
      - ./data/mysql:/var/lib/mysql
      - ./conf/mysql/my.cnf:/etc/mysql/conf.d/my.cnf
    environment:
      - MYSQL_ROOT_PASSWORD=/run/secrets/db-root-password
      - MYSQL_DATABASE=my_db
    ports: 
      - "3306:3306"
    secrets: 
      - db-root-password

  spring-boot-app:
    container_name: spring-boot-app
    image: spring-boot-app:local
    environment:
      - DB_PASSWORD=/run/secrets/db-root-password
# Also tried adding with the file as property name
#     - DB_PASSWORD_FILE=/run/secrets/db-root-password
    ports:
      - "8080:8080"
    environment:
      HOST_NAME: localhost
    secrets: 
      - db-root-password
    depends_on:
      - mysql-db

secrets:
  db-root-password:
    external: true

I run the docker stack by using the following command:

docker stack deploy --with-auth-registry -c docker-compose.yml test-stack 

I'm unable to get the exact value of the db-root-password property in the spring boot app. When I inspect the value of db-root-password, I get the value as /run/secrets/db-root-password.

Is there something missing? If I want to override the value of Environment variable differently?

Elmer answered 29/9, 2018 at 9:5 Comment(0)

We resolved the same issue by using "printf" instead of "echo"; the problem with echo is that it leaves a newline character in the docker secret. You can refer to the example in docker secret create => https://docs.docker.com/engine/reference/commandline/secret_create/

Also, I have an example that loads docker secrets directly into spring properties, such as "spring.datasource.password" => https://github.com/kwonghung-YIP/spring-boot-docker-secret

Drying answered 3/4, 2019 at 2:55 Comment(1)
Same if you use 'echo -n' to avoid entering the newline - Perfectly
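
The newline point from the answer above, combined with the `DB_PASSWORD_FILE` naming from the question, as an added example (not code from the answer or from the linked repository): an entrypoint helper that loads a secret file into the variable the application reads. The helper names `resolve_file_env` and `secret_len`, and the temporary files standing in for `/run/secrets/db-root-password`, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. resolve_file_env and secret_len are hypothetical helpers,
# not part of Docker or Spring Boot.

# Number of bytes stored in a secret file; reveals a trailing newline.
secret_len() {
    wc -c < "$1" | tr -d ' '
}

# If NAME_FILE is set, load that file's content into NAME and drop NAME_FILE.
# Command substitution strips trailing newlines, so a secret created with
# plain `echo` still yields the bare password. NAME must come from the
# script itself (it is passed to eval), never from untrusted input.
resolve_file_env() {
    name=$1
    eval "file=\${${name}_FILE:-}"
    [ -n "$file" ] || return 0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    value=$(cat "$file")
    export "$name=$value"
    unset "${name}_FILE"
}

# Constructed sample secrets standing in for /run/secrets/db-root-password.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
echo "db_secured_password" > "$demo_dir/with_echo"       # 20 bytes, ends in \n
printf "db_secured_password" > "$demo_dir/with_printf"   # 19 bytes

echo "echo:   $(secret_len "$demo_dir/with_echo") bytes"
echo "printf: $(secret_len "$demo_dir/with_printf") bytes"

# In a stack file this would be DB_PASSWORD_FILE=/run/secrets/db-root-password.
DB_PASSWORD_FILE="$demo_dir/with_echo"
resolve_file_env DB_PASSWORD

# Report only the length; the secret itself never goes to the log.
echo "DB_PASSWORD length: ${#DB_PASSWORD}"

# A real entrypoint would now hand over to the application, for example:
# exec java -jar /app.jar
```

Spring Boot's relaxed binding maps the `DB_PASSWORD` environment variable onto the `db.password` property, so the value set here overrides the literal path in `application.yml`. The official `mysql` image already reads `MYSQL_ROOT_PASSWORD_FILE` itself, so only the Spring Boot container needs a wrapper like this.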

I think you need to mount the passwords from the secrets file. Please see the example "Use secrets in Compose" here: https://docs.docker.com/engine/swarm/secrets/#build-support-for-docker-secrets-into-your-images

Generalissimo answered 29/9, 2018 at 15:25 Comment(1)
No, I didn't find the solution with your suggestion of mounting secrets. Do you have any example specific to a spring boot application? P.S. I even tried to exec into the running container (spring boot app) to check the directory /run/secrets/*, and I see all the passwords are present. But the spring boot app isn't able to read it. - Elmer
