How to use a Docker secret for Keycloak applications using Docker Swarm

Prabhin Prabharkaran Administrator
DevOps Engineer

He is a Technical professional. He is a person who loves to share tricks and tips on the Internet. He Posts what he does!


Hi All, this document shows you how to use a docker secret for keycloak applications using a docker swarm.

Docker secret enables you to hide sensitive data such as usernames and passwords from the docker environment variables.
Docker secret works only in swarm mode.

Docker swarm converts the secret variables to environment variables internally for the containers.
/run/secrets is the default storage location of Docker secrets, and these secrets are unencrypted inside the container (/run/secrets/<secret_name>).

Steps

1. Create a Docker secret for the DB user password and for the Keycloak admin user.

 

printf "admin123" | docker secret create KEYCLOAK_PASSWORD -

printf "Test@123" | docker secret create DB_PASSWORD -

2. Now that the secrets for the DB password and the Keycloak admin user exist, create the docker-compose file that uses them.

NOTE: This is specifically for Keycloak. For others, stay tuned!

version: '3.3'
services:
  keycloak:
    image: jboss/keycloak:latest
    ports:
      - 8080:8080
    environment:
      DB_VENDOR: mariadb
      # The *_FILE variables point at the mounted secret files, not at the values
      KEYCLOAK_PASSWORD_FILE: /run/secrets/KEYCLOAK_PASSWORD
      DB_PASSWORD_FILE: /run/secrets/DB_PASSWORD
      DB_ADDR: 192.168.10.11
      DB_DATABASE: keycloak_cluster
      DB_USER: prabhin
      KEYCLOAK_USER: admin
      JGROUPS_DISCOVERY_PROTOCOL: JDBC_PING
      JGROUPS_DISCOVERY_PROPERTIES: datasource_jndi_name=java:jboss/datasources/KeycloakDS,info_writer_sleep_time=500
    # Secrets this service is allowed to read under /run/secrets
    secrets:
      - KEYCLOAK_PASSWORD
      - DB_PASSWORD
# external: true means the secret was created beforehand with docker secret create
secrets:
  KEYCLOAK_PASSWORD:
    external: true
  DB_PASSWORD:
    external: true

That's it. The Keycloak Docker service now uses the Docker secrets we created earlier.
You can check the secret file at /run/secrets/<secret_name> inside the container.
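
How a variable such as KEYCLOAK_PASSWORD_FILE or DB_PASSWORD_FILE can become the plain variable inside the container: an entrypoint script reads the mounted file and exports its content. The sketch below is an added example, not code from this post or from the Keycloak image; the function name file_env and the temporary directory standing in for /run/secrets are assumptions.

```shell
#!/bin/sh
# Added example: resolve NAME_FILE into NAME, as an entrypoint script can
# do for secrets that swarm mounts under /run/secrets.

# file_env NAME [DEFAULT]: export NAME from the file named by NAME_FILE,
# else keep NAME, else use DEFAULT. Non-zero return on any inconsistency.
file_env() {
    _fe_var="$1"
    _fe_default="${2:-}"
    # Only accept plain identifiers, since the name is passed to eval below.
    case "$_fe_var" in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "error: invalid variable name" >&2; return 2 ;;
    esac
    eval "_fe_direct=\${${_fe_var}:-}"
    eval "_fe_path=\${${_fe_var}_FILE:-}"

    # Refuse ambiguous input instead of silently picking one source.
    if [ -n "$_fe_direct" ] && [ -n "$_fe_path" ]; then
        echo "error: both $_fe_var and ${_fe_var}_FILE are set" >&2
        return 1
    fi
    if [ -n "$_fe_path" ]; then
        if [ ! -r "$_fe_path" ]; then
            echo "error: cannot read $_fe_path" >&2
            return 1
        fi
        # $(...) drops trailing newlines, so a secret created with echo works too.
        _fe_value="$(cat "$_fe_path")"
    elif [ -n "$_fe_direct" ]; then
        _fe_value="$_fe_direct"
    else
        _fe_value="$_fe_default"
    fi
    export "$_fe_var=$_fe_value"
    unset "${_fe_var}_FILE"
}

# Constructed demo: a temp dir stands in for /run/secrets; runs in a subshell.
demo() (
    dir="$(mktemp -d)"
    printf 'admin123' > "$dir/KEYCLOAK_PASSWORD"
    unset KEYCLOAK_PASSWORD
    KEYCLOAK_PASSWORD_FILE="$dir/KEYCLOAK_PASSWORD"
    file_env KEYCLOAK_PASSWORD &&
        echo "KEYCLOAK_PASSWORD resolved, ${#KEYCLOAK_PASSWORD} chars"
    rm -rf "$dir"
)
demo
```

Once exported this way, the value is visible to anything that can read the process environment, so the file under /run/secrets is the narrower of the two exposures.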
