Dockerdevops~30 mins

Secrets management in Docker - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Secrets Management with Docker

📖 Scenario: You are working on a small web application that needs to use a secret password to connect to a database. To keep this password safe, you want to use Docker secrets instead of putting the password directly in your Dockerfile or environment variables.

🎯 Goal: Learn how to create a Docker secret, use it in a Docker service, and verify that the secret is available inside the container securely.

📋 What You'll Learn

Create a Docker secret with a specific password

Create a Docker service that uses the secret

Verify the secret is accessible inside the container

Print the secret content inside the container

💡 Why This Matters

🌍 Real World

Secrets management is critical in real projects to keep passwords, API keys, and tokens safe. Docker secrets help avoid exposing sensitive data in code or environment variables.

💼 Career

Understanding Docker secrets is important for DevOps roles to securely manage credentials in containerized applications and maintain best security practices.

Progress0 / 4 steps

Create a Docker secret with the password

Use the Docker CLI to create a secret named db_password with the exact value SuperSecret123!. Run the command echo "SuperSecret123!" | docker secret create db_password - in your terminal.

Docker

# Run the command to create the secret
# Your code here

Need a hint?

Use echo to send the password and pipe it to docker secret create with the secret name db_password.

Create a Docker service that uses the secret

Create a Docker service named secret_test using the alpine image. Add the secret db_password to the service with the option --secret db_password. Use the command docker service create --name secret_test --secret db_password alpine sleep 1000.

Docker

echo "SuperSecret123!" | docker secret create db_password -
# Create the Docker service named secret_test with the secret db_password
# Your code here

Need a hint?

Use docker service create with --name secret_test and --secret db_password options. Use alpine image and run sleep 1000 to keep the container running.

Access the secret inside the running container

Find the container ID of the running secret_test service using docker ps. Then, execute a shell inside the container with docker exec -it <container_id> sh. Inside the container, read the secret file located at /run/secrets/db_password using cat /run/secrets/db_password.

Docker

echo "SuperSecret123!" | docker secret create db_password -
docker service create --name secret_test --secret db_password alpine sleep 1000
# Find the container ID and run a shell inside it
# Your code here

Need a hint?

Use docker ps --filter name=secret_test -q to get the container ID, then docker exec -it <container_id> sh to open a shell. Inside, use cat /run/secrets/db_password to see the secret.

Print the secret content from inside the container

Print the content of the secret file /run/secrets/db_password inside the container by running docker exec $(docker ps --filter name=secret_test -q) cat /run/secrets/db_password. This will display the secret password stored securely.

Docker

echo "SuperSecret123!" | docker secret create db_password -
docker service create --name secret_test --secret db_password alpine sleep 1000
# Print the secret content from the container
# Your code here

Need a hint?

Use docker exec $(docker ps --filter name=secret_test -q) cat /run/secrets/db_password to print the secret directly from the running service container.