Use Swarm Secrets for receive AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY

[tmm360]

Currently S3 documentation with compose file reports:

AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}   # Read AWS secrets from environment (or a .env file)
AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}

but .env file is not supported with a Stack deployment over Swarm. Instead, Swarm implements Secrets that would be a better solution for security purpose.

Use of them have to be implemented with the application, reading for example from /run/secrets/aws_access_key_id and /run/secrets/aws_secret_access_key, because secrets are not injectable directly from docker-stack.yml into environemnt.

[jareware]

This makes sense.

Want to open a PR? 🙂

[tmm360]

Ok I can, but I will need some time. 👍

[marcin-wlodarczyk]

Any progress on this?

[tmm360]

no sorry, very busy with other projects... at this point if other wants to open PR, please

[schiggi]

I think you do not need to alter the script but rather alter the readme.

I solved the problem by just creating the whole credentials file as a secret and referencing the actual file with the env var AWS_SHARED_CREDENTIALS_FILE. Btw. not only for secrets but also pretty useful for local environments, if you prefer to store the credentials not within yml.

i.e.:

backup:
   image: jareware/docker-volume-backup
   environment:
     AWS_S3_BUCKET_NAME: my-backup-bucket      # S3 bucket which you own, and already exists
     AWS_SHARED_CREDENTIALS_FILE: /run/secrets/aws3_credentials
   secrets:
     aws3_credentials