Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Docker on Amazon Web Services

You're reading from   Docker on Amazon Web Services Build, deploy, and manage your container applications at scale

Arrow left icon
Product type Paperback
Published in Aug 2018
Publisher Packt
ISBN-13 9781788626507
Length 822 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Justin Menga Justin Menga
Author Profile Icon Justin Menga
Justin Menga
Arrow right icon
View More author details
Toc

Table of Contents (20) Chapters Close

Preface 1. Container and Docker Fundamentals 2. Building Applications Using Docker FREE CHAPTER 3. Getting Started with AWS 4. Introduction to ECS 5. Publishing Docker Images Using ECR 6. Building Custom ECS Container Instances 7. Creating ECS Clusters 8. Deploying Applications Using ECS 9. Managing Secrets 10. Isolating Network Access 11. Managing ECS Infrastructure Life Cycle 12. ECS Auto Scaling 13. Continuously Delivering ECS Applications 14. Fargate and ECS Service Discovery 15. Elastic Beanstalk 16. Docker Swarm in AWS 17. Elastic Kubernetes Service 18. Assessments 19. Other Books You May Enjoy

Injecting secrets at container startup


One challenge with secrets management in Docker is passing secrets to your containers in a secure fashion. 

The following diagram illustrates a somewhat naive but understandable approach that uses environment variables to inject your secrets directly as plaintext values, which is the approach we took in Chapter 8: 

Injecting passwords via environment variables

 

This approach is simple to configure and understand, however it is not considered best practice from a security perspective. When you take such an approach, you can view your credentials in plaintext by inspecting the ECS task definition, and if you run docker inspect commands on your ECS container instances, you can also view your credentials in plaintext. You may also inadvertently end up logging your secrets using this approach, which could be shared inadvertently with unauthorized third parties, so clearly this approach is not considered good practice.

An alternative approach that is considered...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image