1. Home
  2. Categories
  3. Support
  4. Proget docker image should support docker secrets

Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Proget docker image should support docker secrets

  • S

    Hi Guys,

    Please could you allow your ProGet docker image to support secrets. Secrets are mounted as files from the docker host to the container. You should then allow a docker environment variable to specify a file path to the secret.

    This could be used in a docker stack file in the following way:

    version: '3.4'
services:
  Server:
    image: proget.inedo.com/productimages/inedo/proget:5.3.7
    networks:
      - traefik-public
      - clair
    environment:
      SQL_CONNECTION_STRING_FILE: "/run/secrets/proget_connection_string"
      TZ: "America/Denver"
    secrets:
     - source: proget_connection_string
       target: /run/secrets/proget_connection_string    
   volumes:
      - "/mnt/docker/proget/packages:/var/proget/packages"
      - "/mnt/docker/proget/extensions:/var/proget/extensions"
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - node.platform.os == linux
  secrets:
  proget_connection_string:
    external: true
    name: proget_connection_string

    You can find out more about docker secrets here:
    https://docs.docker.com/engine/swarm/secrets/

    Thanks
    Simon

    0
  • atripp
    inedo-engineer

    hi Simon, thanks for the suggestion!

    I'll be honest, I'm really not that familiar with Docker Swarm or Secrets, but I wonder, from the "code inside ProGet perspective", does this seem as simple as like,

    // fake code, just an example
if (EnvironmentVariables["proget_connection_string"] != null)
   return EnvironmentVariables["proget_connection_string"];

else if (EnvironmentVariables["proget_connection_string_file"])
   return File.ReadAllText(EnvironmentVariables["proget_connection_string_file"]);

else 
  return ReadFromNormalConfigFile();
    0 S 1 Reply
  • S

    Yes @atripp that looks easy enough. Hope to see it in a future version.

    Thanks

    Simon

    0 atripp 1 Reply
  • atripp
    inedo-engineer

    @scroak_6473 thanks Simon!

    I added PG-1790 to our system; one blocker I have... how should we document this?

    We'd love to even give an example of more advanced configuration, like how you have, of the Docker Compose file. Here's the current docs we have.

    https://github.com/Inedo/inedo-docs/blob/master/ProGet/installation/installation-guide/linux-docker.md

    If you can docs suggest or do a Pull Request that would help us get this done ASAP :)

    0 S 1 Reply
  • S

    Hi @atripp

    I've created a PR and added an expanded section on Environment variables.

    I would suggest creating a new page called running on Linux docker swarm and I can add some example stack files/notes to that page later.

    Thanks

    Simon

    0
  • rhessinger
    inedo-engineer

    Hi @scroak_6473,

    I created a branch and a blank page on GitHub for Docker Swarm. You should be able to add your notes and examples there. Please let me know if you have any issues!

    Thanks,
    Rich

    0
Log in to reply
 
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation