Securing Sensitive Details of Your Containerized Docker Applications

Nothing to see here!!!

When building applications with frameworks like Node.js, it's easy to add a dotenv library, which lets you pull environment-specific and other config data from a .env file when running the application. It is also important that this data is kept out of your repositories and out of the images in your Docker package repositories, not only for your development environment but also in a way that keeps that information safe during deployment to test and production environments. A popular implementation looks something like the one below, which works great for dev environments but simply doesn't work when deploying to test environments.

The .env file

config/environment data

The code

When using docker-compose to build the environment from the Docker image, the parameters in the .env file are simply not transferred into the container, resulting in errors when bringing up the environment. The fix requires a few modifications to the code and the docker-compose file.

Updated code

With containerization in mind.

Referencing the .env file in the docker-compose file as well as the environment parameters

Docker compose file referencing .env and environment parameters

And hey presto, you have the ability to maintain separate config files for the dev, test and production environments, with minimal config changes and interventions during deployment, when using docker-compose to build your environment.

This solution is not perfect because the PrivateKey and PublicKey still sit in the .env file, but the hacker would have to be able to log onto the host machines to gain access to these details. Another solution would be to use secrets, but that's another story for another day.
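One way to write the application side of this setup, as an added example that is not the article's own code: configuration is read from the variables docker-compose injects through `env_file` and `environment`, with a file fallback only outside production. The compose fragment in the comment, the image and file names, the small parser standing in for dotenv, and the use of `PrivateKey`/`PublicKey` as variable names are assumptions.

```javascript
'use strict';
// Added example. Assumed docker-compose fragment that feeds this loader:
//
//   services:
//     api:
//       image: example/api:latest   # hypothetical image name
//       env_file: ./.env.test       # read on the host when the container is created
//       environment:
//         - NODE_ENV=test
//
// Keep .env* in .gitignore and .dockerignore so the file never reaches
// the repository or an image layer.
const fs = require('fs');

// Names taken from the article; assumed here to be the env variable names.
const REQUIRED = ['PrivateKey', 'PublicKey'];

// Minimal KEY=VALUE parser for local development (stands in for dotenv).
// Comment lines and malformed lines are skipped; surrounding quotes are stripped.
function parseEnvFile(text) {
  const out = {};
  for (const line of text.split(/\r?\n/)) {
    const m = line.match(/^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$/);
    if (m) out[m[1]] = m[2].replace(/^(['"])(.*)\1$/, '$2');
  }
  return out;
}

// Variables injected by the container runtime win; the file is a dev-only fallback.
function loadConfig(env = process.env, envFilePath = '.env') {
  let fileVars = {};
  if (env.NODE_ENV !== 'production' && fs.existsSync(envFilePath)) {
    fileVars = parseEnvFile(fs.readFileSync(envFilePath, 'utf8'));
  }
  const merged = { ...fileVars, ...env };
  const missing = REQUIRED.filter((k) => !merged[k]);
  if (missing.length) {
    // Fail fast at startup and report names only, never values.
    throw new Error(`Missing required configuration: ${missing.join(', ')}`);
  }
  return Object.fromEntries(REQUIRED.map((k) => [k, merged[k]]));
}

// Safe-to-log view: shows which keys are set without exposing their contents.
function redact(config) {
  return Object.fromEntries(Object.keys(config).map((k) => [k, '[set]']));
}
```

Calling `loadConfig()` once at startup makes a container that was started without its `env_file` fail immediately with the missing variable names instead of erroring later at first use.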


SCRUM, Software Delivery, Developer, QA and Lover of life.

MRK