docker, docker-compose, aws-secrets-manager, aws-parameter-store

How to maintain secrets used in Dockerfile?


Below is a snippet of a docker-compose file that contains passwords:

test:
  build: ../../
  dockerfile: docker/dev/Dockerfile
  volumes_from:
    - cache
  links:
    - db
  environment:
    DJANGO_SETTINGS_MODULE: todobackend.settings.test
    MYSQL_HOST: db
    MYSQL_USER: root
    MYSQL_PASSWORD: password
    TEST_OUTPUT_DIR: /reports

db:
  image: mysql:5.6
  hostname: db
  expose:
    - "3386"
  environment:
    MYSQL_ROOT_PASSWORD: password

This file runs in an AWS environment.

One approach can be using KMS and storing in S3; another approach is AWS Parameter Store.

When building the Dockerfile and launching containers using docker-compose, how can secrets be maintained safely, without exposing them in text files? Any code snippet...


Solution

  • You can use the integration between ECS and Secrets Manager to put the references to the secrets stored in Secrets Manager in the ECS task definition and then reference them as environment variables. The ECS docs provide a short tutorial on this (and there are more elaborate blog posts).
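
The ECS and Secrets Manager integration described in the answer, as an added example (not code from the original question or answer): a short Python script that turns the compose `environment` blocks above into ECS container definitions whose passwords are `secrets` entries with a `valueFrom` ARN instead of literal values. The account id, region, secret names, role name and the `example/todobackend-dev` image are constructed placeholders, and only the task definition fields relevant to secrets are shown.

```python
import json

# Constructed placeholders: region, account id, role and secret names are assumptions.
SECRET_PREFIX = "arn:aws:secretsmanager:us-east-1:111122223333:secret:"
SECRET_ARNS = {
    "MYSQL_PASSWORD": SECRET_PREFIX + "todobackend/mysql-user-EXAMPLE",
    "MYSQL_ROOT_PASSWORD": SECRET_PREFIX + "todobackend/mysql-root-EXAMPLE",
}
EXECUTION_ROLE = "arn:aws:iam::111122223333:role/exampleTaskExecutionRole"
SENSITIVE_HINTS = ("PASSWORD", "SECRET", "TOKEN")  # heuristic guard, not exhaustive

def container_definition(name, image, compose_env, secret_arns):
    """Turn a compose-style environment into ECS 'environment' and 'secrets' lists."""
    env, secrets = [], []
    for key in sorted(compose_env):
        if key in secret_arns:
            # ECS resolves valueFrom at container start; the literal value is dropped here.
            secrets.append({"name": key, "valueFrom": secret_arns[key]})
        elif any(hint in key.upper() for hint in SENSITIVE_HINTS):
            raise ValueError(f"{key} looks sensitive but has no secret ARN mapped")
        else:
            env.append({"name": key, "value": str(compose_env[key])})
    return {"name": name, "image": image, "essential": True,
            "environment": env, "secrets": secrets}

def task_definition(family, containers):
    # The execution role must allow secretsmanager:GetSecretValue on the ARNs above.
    return {"family": family, "executionRoleArn": EXECUTION_ROLE,
            "containerDefinitions": containers}

# Environment blocks copied from the compose file in the question.
TEST_ENV = {"DJANGO_SETTINGS_MODULE": "todobackend.settings.test", "MYSQL_HOST": "db",
            "MYSQL_USER": "root", "MYSQL_PASSWORD": "password",
            "TEST_OUTPUT_DIR": "/reports"}
DB_ENV = {"MYSQL_ROOT_PASSWORD": "password"}

def build():
    return task_definition("todobackend-test", [
        container_definition("test", "example/todobackend-dev:latest", TEST_ENV, SECRET_ARNS),
        container_definition("db", "mysql:5.6", DB_ENV, SECRET_ARNS),
    ])

if __name__ == "__main__":
    print(json.dumps(build(), indent=2))
```

The application code is unchanged: inside the container the values still arrive as the `MYSQL_PASSWORD` and `MYSQL_ROOT_PASSWORD` environment variables, but the task definition and the repository hold only ARNs.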