Docker secrets are not working #374

Open
3 tasks done
goegol opened this issue Jan 20, 2025 · 4 comments

Comments

@goegol
Contributor

goegol commented Jan 20, 2025

Support guidelines

I've found an issue and checked that ...

  • ... the documentation does not mention anything about my problem
  • ... there are no open or closed issues that are related to my problem

Description

Hi,

The docker secrets you described in the readme are not the official way of using it.
And also they are not working.

See also the documentation on https://docs.docker.com/engine/swarm/secrets/
But normally, in a docker swarm you create a secret, in the docker compose you can attach the docker secret to the docker container, and the environment variable reads out the secret file.

For example, Leantime (open-source planning tool) solved it in the startup script.
Quick example:

if [[ -n "${LEAN_DB_PASSWORD_FILE}" ]]; then
  LEAN_DB_PASSWORD=$(cat "${LEAN_DB_PASSWORD_FILE}")
  export LEAN_DB_PASSWORD
fi

Expected behaviour

I can use the docker secrets with FILE__

Actual behaviour

Docker secret is not set, fall back to load .env file and everything is working as expected.

Steps to reproduce

Attach docker secrets
Change one of the env vars to FILE__ (for example database password)
DSMR unable to startup because of no password used for DB

Docker info

Client: Docker Engine - Community
 Version:    27.5.0
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.19.3
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.32.3
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 43
  Running: 41
  Paused: 0
  Stopped: 2
 Images: 28
 Server Version: 27.5.0
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
 Swarm: active
  NodeID: hidden
  Is Manager: true
  ClusterID: hidden
  Managers: 1
  Nodes: 1
  Default Address Pool: 10.0.0.0/8  
  SubnetSize: 24
  Data Path Port: 4789
  Orchestration:
   Task History Retention Limit: 5
  Raft:
   Snapshot Interval: 10000
   Number of Old Snapshots to Retain: 0
   Heartbeat Tick: 1
   Election Tick: 10
  Dispatcher:
   Heartbeat Period: 5 seconds
  CA Configuration:
   Expiry Duration: 3 months
   Force Rotate: 0
  Autolock Managers: false
  Root Rotation In Progress: false
  Node Address: 192.168.20.8
  Manager Addresses:
   192.168.20.8:2377
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: bcc810d6b9066471b0b6fa75f557a15a1cbf31bb
 runc version: v1.2.4-0-g6c52b3f
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
 Kernel Version: 6.6.67-v8+
 Operating System: Debian GNU/Linux 12 (bookworm)
 OSType: linux
 Architecture: aarch64
 CPUs: 4
 Total Memory: 3.751GiB
 Name: pi03
 ID: 41b9e8a1-96c6-49ad-bee0-13c47d10a55e
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Version

6.6.67-v8+ #1833 SMP PREEMPT Fri Dec 20 14:14:15 GMT 2024 aarch64 GNU/Linux

Docker compose

n.a.

Container logs

n.a.

Additional info

No response
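The file-backed variable pattern described in this report, as an added example that is not part of the thread or the project's own entrypoint: a POSIX sh helper that accepts both the `FILE__<NAME>` prefix and the `<NAME>_FILE` suffix for an explicit list of variables, and fails loudly instead of starting with an empty password. The function name `load_file_secrets` and the variable name in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's entrypoint. For each variable name given,
# load its value from the file named by FILE__<NAME> or <NAME>_FILE
# (Docker mounts secrets as files under /run/secrets/).

load_file_secrets() {
    _rc=0
    for _name in "$@"; do
        # Accept only plain shell identifiers before they reach eval.
        case $_name in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "load_file_secrets: invalid name '$_name'" >&2
                _rc=1; continue ;;
        esac
        eval "_prefixed=\${FILE__${_name}:-} _suffixed=\${${_name}_FILE:-}"
        _path=${_prefixed:-$_suffixed}
        # Neither form set: leave any plain environment value untouched.
        [ -n "$_path" ] || continue
        if [ ! -f "$_path" ] || [ ! -r "$_path" ]; then
            # Report the variable and path, never the secret itself.
            echo "load_file_secrets: $_name: cannot read $_path" >&2
            _rc=1; continue
        fi
        # Command substitution strips the trailing newline editors add.
        _value=$(cat "$_path")
        if [ -z "$_value" ]; then
            echo "load_file_secrets: $_name: $_path is empty" >&2
            _rc=1; continue
        fi
        export "$_name=$_value"
    done
    unset _value
    return "$_rc"
}

# Typical entrypoint use (DB_PASSWORD is a constructed example name):
#   load_file_secrets DB_PASSWORD || exit 1
#   exec "$@"
```

Passing the variable names explicitly, rather than scanning the whole environment for matching names, keeps unrelated variables that happen to end in `_FILE` from being read into the process environment.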

@xirixiz
Owner

xirixiz commented Jan 20, 2025

Perhaps this can help: #353

However, let me create a new develop release with proper docs so you can do some validations

@xirixiz
Owner

xirixiz commented Jan 20, 2025

New develop image ready with an updated readme.

@xirixiz
Owner

xirixiz commented Jan 21, 2025

I just checked some things with another guy using Docker secrets. He says it's working fine.

Secrets Definition:

  • Internal Secrets: Defined a_secret_file and postgres_password as internal secrets by specifying the file directive. Ensure that the files ./secrets/a_secret_file.txt and ./secrets/postgres_password.txt exist and contain your secret data.

    secrets:
      a_secret_file:
        file: ./secrets/a_secret_file.txt  # Define the path to your secret file

  • External Secrets: If you prefer using external secrets (managed outside of Docker Compose), you can set external: true and create them using Docker Swarm. Instructions are provided below.

    secrets:
      a_secret_file:
        external: true

So ignore the develop image please, in which Docker secrets will not work atm. Could you validate again with the main image?
If it is working correctly with this info, I'll update the README, which I need to spend some time on anyway :)

@goegol
Contributor Author

goegol commented Jan 23, 2025

Currently I'm ill, will do the test next week.
