Docker Secrets

A simple library to load Docker secrets in a swarm cluster as a map.

Categories: Docker Container Virtualization Tools
GroupId: com.cars
ArtifactId: docker-secrets
Last Version: 0.2.0
Type: jar
Description: A simple library to load Docker secrets in a swarm cluster as a map.
Project URL: https://github.com/carsdotcom/docker-secrets-java
Source Code Management: https://github.com/carsdotcom/docker-secrets-java

Download docker-secrets

How to add to project

Maven:

<!-- https://jarcasting.com/artifacts/com.cars/docker-secrets/ -->
<dependency>
    <groupId>com.cars</groupId>
    <artifactId>docker-secrets</artifactId>
    <version>0.2.0</version>
</dependency>

Gradle (Groovy DSL):

// https://jarcasting.com/artifacts/com.cars/docker-secrets/
implementation 'com.cars:docker-secrets:0.2.0'

Gradle (Kotlin DSL):

// https://jarcasting.com/artifacts/com.cars/docker-secrets/
implementation ("com.cars:docker-secrets:0.2.0")

Buildr:

'com.cars:docker-secrets:jar:0.2.0'

Ivy:

<dependency org="com.cars" name="docker-secrets" rev="0.2.0">
  <artifact name="docker-secrets" type="jar" />
</dependency>

Grape:

@Grapes(
@Grab(group='com.cars', module='docker-secrets', version='0.2.0')
)

SBT:

libraryDependencies += "com.cars" % "docker-secrets" % "0.2.0"

Leiningen:

[com.cars/docker-secrets "0.2.0"]

Dependencies

compile (1)

Group / Artifact | Type | Version
org.slf4j : slf4j-api | jar | 1.7.14

test (1)

Group / Artifact | Type | Version
junit : junit | jar | 4.12

Project Modules

There are no modules declared in this project.

Docker Secrets

A simple library to load Docker secrets in a swarm cluster as a map.

Download

Gradle

repositories {
  jcenter()
}

dependencies {
  compile 'com.cars:docker-secrets:0.2.0'
}

Maven

<dependency>
  <groupId>com.cars</groupId>
  <artifactId>docker-secrets</artifactId>
  <version>0.2.0</version>
</dependency>

Usage

Docker secrets are available to a container as files under /run/secrets/.

Given the secrets below:

$ echo "test-secret1-value" | docker secret create test-secret1 -
$ echo "test-secret2-value" | docker secret create test-secret2 -
$ echo "test-secret3-value" | docker secret create test-secret3 -

To load all secrets:

Map<String, String> secrets = DockerSecrets.load();
System.out.println(secrets.get("test-secret1")); // test-secret1-value

Since secrets are files, you can create a secret from a file written in properties syntax, as below:

# secret-file.txt
dbuser=readonly
dbpass=super-secret-password
apikey=very-secret-api-key

Create the secret using the file:

$ docker secret create test-secret secret-file.txt

Then to load that secret:

Map<String, String> secrets = DockerSecrets.loadFromFile("test-secret");
System.out.println(secrets.get("dbuser")); // readonly
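
What the two loading styles above amount to on disk, as an added plain-JDK example (not the library's implementation and not code from the project). The class SecretFiles and its methods are hypothetical names, and a temporary directory with constructed values stands in for /run/secrets; the require check is an addition that goes beyond what the library is shown doing.

```java
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;

public class SecretFiles {
  // One entry per regular file in dir: file name -> content minus trailing newlines.
  static Map<String, String> loadAll(Path dir) throws IOException {
    Map<String, String> out = new TreeMap<>();
    try (DirectoryStream<Path> files = Files.newDirectoryStream(dir)) {
      for (Path p : files) {
        if (!Files.isRegularFile(p)) continue;
        String v = new String(Files.readAllBytes(p), StandardCharsets.UTF_8);
        out.put(p.getFileName().toString(), v.replaceAll("[\\r\\n]+$", ""));
      }
    }
    return out;
  }

  // One secret in properties syntax: every key=value line becomes an entry.
  static Map<String, String> loadProperties(Path file) throws IOException {
    Properties props = new Properties();
    props.load(new StringReader(new String(Files.readAllBytes(file), StandardCharsets.UTF_8)));
    Map<String, String> out = new TreeMap<>();
    for (String k : props.stringPropertyNames()) out.put(k, props.getProperty(k));
    return out;
  }

  // Fail closed: the error names the missing key and never includes a value.
  static void require(Map<String, String> secrets, String... keys) {
    for (String k : keys) {
      if (secrets.getOrDefault(k, "").trim().isEmpty())
        throw new IllegalStateException("Required secret missing or empty: " + k);
    }
  }

  public static void main(String[] args) throws IOException {
    Path dir = Files.createTempDirectory("secrets"); // constructed stand-in for /run/secrets
    Files.write(dir.resolve("test-secret1"), "test-secret1-value\n".getBytes(StandardCharsets.UTF_8));
    Files.write(dir.resolve("test-secret"), "dbuser=readonly\ndbpass=x\n".getBytes(StandardCharsets.UTF_8));
    System.out.println(loadAll(dir).keySet()); // secret names only, never the values
    require(loadProperties(dir.resolve("test-secret")), "dbuser", "dbpass");
  }
}
```

Calling require(...) once at startup stops the application when a key is absent instead of letting it continue with an empty map.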

Working with Spring framework

Here is an example of what a SecretsConfig looks like when using the Spring framework. It uses profiles to work with secrets locally, so if you are just testing your application outside of Docker, you can still use the same code.

Create a file under src/main/resources/config/secrets-file:

# secrets-file
dbuser=readonly
dbpass=secret-pass

And use this @Configuration:

package com.cars.devops.config;

import java.io.File;
import java.net.URL;
import java.util.Collections;
import java.util.Map;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;

import com.cars.framework.secrets.DockerSecretLoadException;
import com.cars.framework.secrets.DockerSecrets;

@Configuration
public class SecretsConfig {

  // File under src/main/resources/config/
  private static final String DEFAULT_SECRETS_FILE = "config/secrets-file";

  // This bean will be used in non-local or no profiles
  @Bean(name = "secrets")
  @Profile(value = "!local")
  public Map<String, String> secrets() {
    try {
      return DockerSecrets.loadFromFile("secrets-file");
    } catch (DockerSecretLoadException e) {
      System.out.println("Secrets Load failed : " + e.getMessage());
    }
    return Collections.emptyMap();
  }

  // This bean will be used for 'local' profile
  @Bean(name = "secrets")
  @Profile(value = "local")
  public Map<String, String> localSecrets() {
    try {
      URL url = ClassLoader.getSystemResource(DEFAULT_SECRETS_FILE);
      if (url != null) {
        // toURI() decodes percent-escapes (e.g. spaces in the path); url.getPath() does not
        return DockerSecrets.loadFromFile(new File(url.toURI()));
      } else {
        System.out.println("Secrets Load failed : No file at " + DEFAULT_SECRETS_FILE);
      }
    } catch (DockerSecretLoadException | java.net.URISyntaxException e) {
      System.out.println("Secrets Load failed : " + e.getMessage());
    }
    return Collections.emptyMap();
  }
}

Now you can run your application with the local profile:

$ java -Dspring.profiles.active=local -jar your.jar

Or, if using Spring Boot:

$ gradlew bootRun -Dspring.profiles.active=local

Use @Resource to reference the secrets bean in other beans/configs:

public class Application {

  @Resource(name = "secrets")
  private Map<String, String> secrets;

  // TODO Add your application beans here or use @Import as above

  @Bean
  public String somebean() {
    System.out.println("DBuser is : " + secrets.get("dbuser")); //should print readonly
    return "";
  }

  public static void main(String[] args) {
    SpringApplication.run(Application.class, args);
  }

}

Build

$ ./gradlew clean build

Test

$ ./gradlew clean test

License

Apache 2.0

com.cars

Cars.com

Versions

Version
0.2.0
0.2.0-rc.6.dev.0+4e40314
0.2.0-rc.6
0.2.0-rc.5