Login/Register
How can I set the property spring.cloud.config.server.git.password using docker secret
Asked Answered
spring-bootdockerdocker-composedocker-secretsspring-cloud-config-server
I

1

2

I want to dockerize my spring cloud config server application. I am creating a docker secret git-repo-pass to store the github account password. I am setting the environment SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD with the default path for docker secrets that is /run/secrets/git-repo-pass. But, when I run the compose and inspect the container, I see that the environment is literally set to the path and not the contents of that path.

Sharing my docker-compose.yml file below,

version: '3.8'
services:
    config-standalone:
        container_name: config-standalone
        image: ss-config:1.0
        ports:
            - "8888:8888"
        secrets:
            - git-repo-pass
        environment:
            - SPRING-CLOUD-CONFIG-SERVER-GIT-PASSWORD=/run/secrets/git-repo-pass

secrets:
    git-repo-pass:
        external: true

Exception thrown: Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Cannot load environment] with root cause

Please let me know if there is a way to load the application properties using docker secrets. Thank You !!

Inhospitable answered 12/11, 2020 at 20:16 Comment(0)
D
0

Basically, secrets are just files, stored securely and mounted when container starts. It won't become an environment variable on its own, so you have to make that happen.

The fastest way for you to make things running is to modify the startup command to something like export SPRING-CLOUD-CONFIG-SERVER-GIT-PASSWORD=$(cat /run/secrets/git-repo-pass) && <actual_command>, which will read the file into an environment variable and then do whatever it suppose to do. You can make it right in the compose file with command option under service name.

The right way to solve this, is to make a second variable and change the application to read the file, located at the path stored in the variable. This is something like a common practice for Docker image maintainers to provide a second variable for secrets with FILE at the end, like SPRING-CLOUD-CONFIG-SERVER-GIT-PASSWORD-FILE.

Drawbar answered 12/11, 2020 at 20:55 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.