Docker stack deploy with docker secrets

Drone Support
1

Hello there when I hard code secret information into my compose file everything works fine.

But this is not secure is there are way to use docker secrets when I am deploying the my stack in docker swarm?

This works:

version: β€œ3.3”

services:
drone-server:
image: drone/drone:1
environment:
- DRONE_LOGS_DEBUG=true
- DRONE_LOGS_PRETTY=true
- DRONE_SERVER_HOST=drone.example.io
- DRONE_SERVER_PROTO=https
- DRONE_TLS_AUTOCERT=false
- DRONE_RUNNER_CAPACITY=2
- DRONE_USER_CREATE=username:myuser,admin:true
- DRONE_BITBUCKET_CLIENT_ID=11111111111mY1111111
- DRONE_BITBUCKET_CLIENT_SECRET=99999999G3aA1999999
…

This doesn’t work:

version: β€œ3.3”

services:
drone-server:
image: drone/drone:1
secrets:
- bitbucket_client_id
- bitbucket_client_secret
environment:
- DRONE_LOGS_DEBUG=true
- DRONE_LOGS_PRETTY=true
- DRONE_SERVER_HOST=drone.example.io
- DRONE_SERVER_PROTO=https
- DRONE_TLS_AUTOCERT=false
- DRONE_RUNNER_CAPACITY=2
- DRONE_USER_CREATE=username:myuser,admin:true
- DRONE_BITBUCKET_CLIENT_ID=/run/secrets/bitbucket_client_id
- DRONE_BITBUCKET_CLIENT_SECRET=/run/secrets/bitbucket_client_secret

2

You can use the secrets module available for drone. Drone provides 3 different ways to integrate secrets securely into your pipeline.

https://docs.drone.io/user-guide/secrets/

I personally recommend and prefer using encrypted secrets. This has been implemented very smartly. Being a security person, I even tested for its security aspects and I believe it to be best among available options.
https://docs.drone.io/user-guide/secrets/encrypted/

1 Like
3

Thank you @Rewanth_Cool This is just what I was looking for.

4

Hey I’ve tried to re-state the secrets issue as a feature request in Can drone/drone image support _FILE for env var secrets, hopefully that can be addressed soon :slight_smile:

5

You can store secrets in a file and load using the method described here: