I want to use in docker swarm secrets. I init the docker swarm.
I create the secrets with:
echo "password1" | docker secret create my_mysql_wordpress_password -
echo "password2" | docker secret create my_mysql_root_password -
Then I deploy the stack with:
docker stack deploy -c mysql.yml mysql
The mysql.yml file:
version: "3.7"
services:
mysql:
image: mariadb:latest
ports:
- "0.0.0.0:3306:3306"
deploy:
replicas: 1
labels:
- "traefik.enable=false"
environment:
- MYSQL_USER=wordpress_admin
- MYSQL_PASSWORD=/run/secrets/my_mysql_wordpress_password
- MYSQL_ROOT_PASSWORD=/run/secrets/my_mysql_root_password
secrets:
- my_mysql_wordpress_password
- my_mysql_root_password
volumes:
- mysql_data:/var/lib/mysql
networks:
- traefik-backend
secrets:
my_mysql_wordpress_password:
external: true
my_mysql_root_password:
external: true
volumes:
mysql_data:
driver: local
driver_opts:
o: bind
type: none
device: /data/mysql_data
networks:
traefik-backend:
external: true
Now the database server starts. When I try now to connect to the server, the password from root is not "password2" (the value from the secret), the password is "/run/secrets/my_mysql_root_password"
What is wrong? Why is the password the run-String and not the value from the secret?
After looking in different documentation, it seems that the solution is NOT clear. I do not understand how/why it works either, but here is what worked for me:
version: "3.7"
services:
mysql:
image: mariadb:latest
ports:
- "0.0.0.0:3306:3306"
deploy:
replicas: 1
labels:
- "traefik.enable=false"
environment:
- MYSQL_USER=wordpress_admin
- MYSQL_PASSWORD_FILE=/run/secrets/my_mysql_wordpress_password
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/my_mysql_root_password
secrets:
- my_mysql_wordpress_password
- my_mysql_root_password
volumes:
- mysql_data:/var/lib/mysql
networks:
- traefik-backend
secrets:
my_mysql_wordpress_password:
external: true
my_mysql_root_password:
external: true
...
Adding "_FILE" to the environment variables did the trick.