Using Docker Secrets in Karaf Configuration

2020-05-05 Thread Alex Soto
I found using Docker Secrets a convenient a way to protect passwords when running Docker containers. I know I can reference an environment variables in Karaf's config files, but that is not very secure, or at least less secure than secrets. For example, to configure a key store in the Pax Web

Re: Using Docker Secrets in Karaf Configuration

2020-05-18 Thread Mike Hummel
Hi, store your secrets as bash script with key=value and include the secret in your start script . /run/secrets/credentials.sh Now the secrets are available as shell environment. Regards, Mike > On 5. May 2020, at 22:16, Alex Soto wrote: > > I found using Docker Secrets a convenient a wa

Re: Using Docker Secrets in Karaf Configuration

2020-05-19 Thread Alex Soto
Thanks Mike, Yes, that would work, but wasn’t the secret mechanism added precisely to avoid the unsafe environment variables? Best regards, Alex soto > On May 18, 2020, at 2:57 PM, Mike Hummel wrote: > > Hi, > > store your secrets as bash script with > > key=value > > and include the s

Re: Using Docker Secrets in Karaf Configuration

2020-05-24 Thread Mike Hummel
Hi Alex, I understand that you should not use the '-e' flags for secrets. A common way is to define the secret file with an environment flag and load it. And in this way you can sopport both. Environment and secrets. A nice sample is https://github.com/docker-library/wordpress/blob/master/dock

Re: Using Docker Secrets in Karaf Configuration

2020-05-26 Thread Alex Soto
Thank you Mike, Still finding this too complex and less secure solution to an arguably common problem (at least when using Docker). Currently, I can have the following in a configuration file: org.ops4j.pax.web.ssl.password=${env:MYPASSWORD} And, as the documentation states: > Envir

Re: Using Docker Secrets in Karaf Configuration

2020-05-26 Thread Jean-Baptiste Onofre
Hi Alex, That’s a good idea about file. Can you please create a Jira about that ? Regards JB > Le 26 mai 2020 à 19:57, Alex Soto a écrit : > > Thank you Mike, > > Still finding this too complex and less secure solution to an arguably common > problem (at least when using Docker). Currently

Re: Using Docker Secrets in Karaf Configuration

2020-05-27 Thread Alex Soto
Thanks, JB, here it is: https://issues.apache.org/jira/browse/KARAF-6733 Best regards, Alex soto > On May 27, 2020, at 12:16 AM, Jean-Baptiste Onofre wrote: > > Hi Alex, > > That’s a good idea about file. > > Can you please create a Jir

Re: Using Docker Secrets in Karaf Configuration

2020-06-04 Thread Mike Hummel
Hi, I like the idea too ... It should be possible to set a default value. Like always :) Regards, Mike > On 27. May 2020, at 16:13, Alex Soto wrote: > > Thanks, JB, here it is: > > > https://issues.apache.org/jira/browse/KARAF-6733 > >