Skip to content

Commit 417299d

Browse files
yuanyu90221yuanyu90221
committed
feat: move credential data with environment variable
move credential data with environment variable move credential data with environment variable
1 parent c9d8716 commit 417299d

File tree

3 files changed

+30
-8
lines changed

3 files changed

+30
-8
lines changed

.gitignore

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -154,4 +154,5 @@ dist
154154
.yarn/build-state.yml
155155
.yarn/install-state.gz
156156
.pnp.*
157-
./app/node_modules
157+
./app/node_modules
158+
.env

README.md

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -144,3 +144,24 @@ mkdir app
144144
mongodb:
145145
condition: service_healthy
146146
```
147+
148+
## for security issue: set those secret with environment variable
149+
150+
1. use environment to inject credential data
151+
```yaml
152+
environment:
153+
MONGO_INITDB_ROOT_USERNAME: ${MONGO_DB_ADMIN_USER}
154+
MONGO_INITDB_ROOT_PASSWORD: ${MONGO_DB_ADMIN_PASSWD}
155+
```
156+
157+
## use docker compose secret to inject secret
158+
```yaml
159+
services:
160+
myapp:
161+
image: maapp:latest
162+
secrets:
163+
- my_secret
164+
secrets:
165+
my_secret:
166+
file: ./my_secret.txt
167+
```

docker-compose.yml

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -7,23 +7,23 @@ services:
77
image: mongo:latest
88
container_name: mongodb
99
environment:
10-
MONGO_INITDB_ROOT_USERNAME: admin
11-
MONGO_INITDB_ROOT_PASSWORD: supersecret
10+
MONGO_INITDB_ROOT_USERNAME: ${MONGO_DB_ADMIN_USER}
11+
MONGO_INITDB_ROOT_PASSWORD: ${MONGO_DB_ADMIN_PASSWD}
1212
networks:
1313
- mongo-network
1414
ports:
1515
- 27017:27017
1616
healthcheck:
17-
test: echo 'db.runCommand("ping").ok' | mongosh mongodb://admin:supersecret@localhost:27017/ --quiet
17+
test: echo 'db.runCommand("ping").ok' | mongosh mongodb://${MONGO_DB_ADMIN_USER}:${MONGO_DB_ADMIN_PASSWD}@localhost:27017/ --quiet
1818
interval: 5s
1919
timeout: 10s
2020
retries: 3
2121
mongo-express:
2222
image: mongo-express:latest
2323
container_name: mongo-express
2424
environment:
25-
ME_CONFIG_MONGODB_ADMINUSERNAME: admin
26-
ME_CONFIG_MONGODB_ADMINPASSWORD: supersecret
25+
ME_CONFIG_MONGODB_ADMINUSERNAME: ${MONGO_DB_ADMIN_USER}
26+
ME_CONFIG_MONGODB_ADMINPASSWORD: ${MONGO_DB_ADMIN_PASSWD}
2727
ME_CONFIG_MONGODB_SERVER: mongodb
2828
depends_on:
2929
mongodb:
@@ -42,8 +42,8 @@ services:
4242
networks:
4343
- mongo-network
4444
environment:
45-
MONGO_DB_USERNAME: admin
46-
MONGO_DB_PWD: supersecret
45+
MONGO_DB_USERNAME: ${MONGO_DB_ADMIN_USER}
46+
MONGO_DB_PWD: ${MONGO_DB_ADMIN_PASSWD}
4747
ports:
4848
- 3000:3000
4949
depends_on:

0 commit comments

Comments
 (0)