Docker secret for postgres, redis and redis_cache

[slu-ymca]

Hi everyone,

according to wiki (page deployment), it's not recommended to store passwords, e.g. for database or redis connection, in an environment variable. I tried to follow the instructions and used Docker secrets. Changing the superuser password and api token works, however the database and redis connection stop working (due to wrong password) once I change the secret using Docker secrets.

Did anybody manage to get this running using Docker secrets? I can see that the respective /run/secrets/ file is mounted in the container.
Is it possible that redis, redis_cache and postgres ignore those files in /run/secrets? I named the secret file exactly the same way as the environment variable.

cat docker-compose.override.yml
version: '3.4'
services:
  netbox:
    image: &NetboxImage netboxcommunity/netbox:${VERSION-latest-ldap}
    ports:
      - 8000:8080
    secrets:
      - superuser_password
      - redis_password
      - redis_cache_password
      - superuser_api_token
  netbox-worker:
    image: *NetboxImage
  redis:
    secrets:
      - redis_password
  redis-cache:
    secrets:
      - source: redis_cache_password
        target: "/run/secrets/redis_password"

secrets:
  superuser_password:
    external: true
  superuser_api_token:
    external: true
  redis_password:
    external: true
  redis_cache_password:
    external: true

docker container exec -it netbox_redis.1.tkaup7r52q8ei7qf3a7nou132 ls /run/secrets
redis_password

Thanks in advance!

Cheers
Slu

[slu-ymca]

Update: I managed to get postgres running by removing the password from the respective env file and adding the following environment statement:

POSTGRES_PASSWORD_FILE: "/run/secrets/db_password"

Is there any more elegant way to do so?