Securing Sensitive Details of Your Containerized Docker Applications

Nothing to see here!!!

When building applications with frameworks like Node.js, it's easy enough to use a dotenv library, which lets you pull environment-specific and other config data from a .env file when running the application. It is also important that this data is kept out of your repositories and out of the images in your Docker package repositories, not only in your development environment but also in a way that keeps the information safe during deployment to test and production environments. A popular example of such an implementation looks something like the one below, which works great for dev environments but simply doesn't work when deploying to test environments.

The .env file

config/environment data

The code

When using docker-compose to build the environment from the Docker image, the parameters in the .env file are simply not transferred into the container, resulting in errors when bringing up the environment. The fix requires a few modifications to the code and the docker-compose file.

Updated code

With containerization in mind.

Referencing the .env file in the docker-compose file as well as the environment parameters

Docker compose file referencing .env and environment parameters

And hey presto, you have the ability to maintain separate config files for the different dev, test and production environments, with minimal config changes and interventions during deployment when using docker-compose to build your environment.
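One way to write the application side of this so that it works both locally and in a container, as an added example that is not the article's own code: values injected by docker-compose take precedence, a .env file's text is only a development fallback, startup fails if a required key is missing, and the private key is masked in anything that gets logged. `DB_HOST`, the `.env.test` file name, and the function names are assumptions; `PrivateKey` and `PublicKey` are the names the article uses.

```javascript
// Added example, not the article's code. Assumed compose fragment feeding it:
//   services:
//     app:
//       env_file: .env.test        # hypothetical per-environment file
//       environment:
//         - NODE_ENV=test
const REQUIRED = ['DB_HOST', 'PublicKey', 'PrivateKey']; // DB_HOST is assumed
const SECRET = new Set(['PrivateKey']);

// Minimal KEY=VALUE parser standing in for a dotenv library (development only).
function parseEnvText(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue; // skip blanks and comments
    const eq = line.indexOf('=');
    if (eq < 1) continue;                        // no key before '='
    let value = line.slice(eq + 1).trim();
    if (/^(["']).*\1$/.test(value)) value = value.slice(1, -1); // strip quotes
    out[line.slice(0, eq).trim()] = value;
  }
  return out;
}

// Variables injected by docker-compose arrive in process.env and win over the
// file text, so the image never needs to contain a .env file.
function loadConfig(env = process.env, devEnvText = '') {
  const merged = { ...parseEnvText(devEnvText), ...env };
  const missing = REQUIRED.filter((key) => !merged[key]);
  if (missing.length) {
    // Fail at startup and name the missing keys; never print values.
    throw new Error(`Missing required configuration: ${missing.join(', ')}`);
  }
  const config = {};
  for (const key of REQUIRED) config[key] = merged[key];
  return Object.freeze(config);
}

// Safe-to-log view of the config: secret values are masked.
function redact(config) {
  return Object.fromEntries(
    Object.entries(config).map(([k, v]) => [k, SECRET.has(k) ? '***' : v])
  );
}
```

In the container, call `loadConfig()` with no arguments; in local development, pass the text of your .env file as the second argument.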

This solution is not perfect, because the PrivateKey and PublicKey still sit in the .env file, but the hacker would have to be able to log on to the host machines to gain access to these details. Another solution would be to use secrets, but that's another story for another day.


SCRUM, Software Delivery, Developer, QA and Lover of life.

MRK
