LinuxCommandLibrary

docker-secret

Manage Docker secrets

TLDR

Create a new secret from stdin

$ [command] | docker secret create [secret_name] -

Create a new secret from a file

$ docker secret create [secret_name] [path/to/file]

List all secrets

$ docker secret ls

Display detailed information on one or multiple secrets in a human-friendly format

$ docker secret inspect --pretty [secret_name1 secret_name2 ...]

Remove one or more secrets

$ docker secret rm [secret_name1 secret_name2 ...]

SYNOPSIS

docker secret create|inspect|ls|rm [OPTIONS] [ARGS]

PARAMETERS

--driver string (create)
    Secret driver (default: default)

--label, -l list (create)
    Key-value labels for secrets

--format string (inspect, ls)
    Go template for custom output (the -f shorthand is available for inspect only; for ls, -f means --filter)

--pretty (inspect)
    Human-readable format (default: true)

--filter, -f filter (ls)
    Filter secrets (e.g., dangling=true)

--quiet, -q (ls)
    Display only secret IDs

DESCRIPTION

The docker secret command manages secrets in Docker Swarm mode, providing a secure mechanism for handling sensitive data such as passwords, certificates, and keys. Secrets are encrypted at rest on manager nodes and in transit, and are mounted read-only into containers as files at /run/secrets/<name> with 0444 permissions.

Key operations include creating secrets from files or stdin, listing them with filters, inspecting their details, and removing them. Secrets are Swarm-scoped, replicated only to the nodes that need them, and automatically rotated or cleaned up. They improve security by avoiding environment variables and plaintext config files, and they integrate with Docker services through the --secret flag.

Requires an initialized Swarm cluster; it is not available on standalone Docker. Supports drivers for external secret stores such as Vault. Well suited to production microservices that need credential isolation.

CAVEATS

Requires Swarm mode; secrets are immutable after creation; they are accessible only to rootless users with the required permissions; external drivers need plugins.

MOUNTING SECRETS

In services, pass --secret to docker service create, e.g. docker service create --secret src=mysecret,target=/secrets/pass ...; the secret is mounted automatically and read-only.

SECURITY

Encrypted at rest and in transit; the tmpfs mount keeps the secret off the container's disk; use docker secret inspect to view metadata.
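The following script is an added example, not part of the original page or of Docker's own documentation. It ties the TLDR lifecycle (create from stdin and from a file, list with a filter, inspect, attach to a service, remove) to the container side described under MOUNTING SECRETS and SECURITY: a small helper that reads a secret from its /run/secrets mount and checks that the mounted file is read-only. The secret names db_password and api_token, the service name demo and the environment variable SECRETS_DIR are assumptions made for this example; the Swarm-dependent part only runs when the host is an active Swarm node, so the helpers can be exercised anywhere by pointing SECRETS_DIR at a directory laid out like /run/secrets.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes an initialised Swarm for
# the lifecycle part; db_password, api_token, demo and SECRETS_DIR are made up.
set -eu

# Container side: read a secret that Swarm mounted at $SECRETS_DIR/<name>
# (default /run/secrets). Fail closed if the file is missing so a service does
# not start with an empty credential. The value is printed to stdout only; it
# is never exported into the environment, which would leak it via /proc and
# "docker inspect".
read_secret() {
    file="${SECRETS_DIR:-/run/secrets}/$1"
    [ -r "$file" ] || { echo "secret '$1' not mounted at $file" >&2; return 1; }
    cat "$file"
}

# Octal permission bits of the mounted secret file (GNU stat, BSD fallback).
secret_mode() {
    file="${SECRETS_DIR:-/run/secrets}/$1"
    stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file"
}

# Returns 0 when no user/group/other write bit is set, i.e. the file still has
# the read-only mode Swarm gives it (0444 by default, 0400 when mode= is used).
secret_is_readonly() {
    m=$(secret_mode "$1")
    m=${m#"${m%???}"}           # keep the last three octal digits
    case "$m" in
        *[2367]*) return 1 ;;   # a digit with the write bit (2) set
        *)        return 0 ;;
    esac
}

# Swarm side: the full lifecycle from the TLDR section.
swarm_lifecycle() {
    # 1. Create from stdin: "-" tells docker secret create to read stdin.
    #    printf '%s' avoids the trailing newline "echo" would add to the value.
    printf '%s' 'constructed-db-password' | docker secret create db_password -

    # 2. Create from a file (constructed here) and label it for filtering.
    tmp=$(mktemp)
    printf 'constructed-api-token\n' > "$tmp"
    docker secret create --label env=demo api_token "$tmp"
    rm -f "$tmp"

    # 3. List only the IDs of secrets carrying the label.
    docker secret ls --filter label=env=demo --quiet

    # 4. Inspect shows metadata (ID, labels, timestamps); the API never
    #    returns the secret value.
    docker secret inspect --pretty db_password

    # 5. Attach to a service. A relative target is mounted under /run/secrets
    #    in the container; mode=0400 tightens the default 0444.
    docker service create --name demo \
        --secret src=db_password,target=db_password,mode=0400 \
        alpine sleep 1d

    # 6. A secret in use by a service cannot be removed: remove the service
    #    first, then the secrets.
    docker service rm demo
    docker secret rm db_password api_token
}

# Run the lifecycle only on an active Swarm node.
if command -v docker >/dev/null 2>&1 \
   && [ "$(docker info --format '{{.Swarm.LocalNodeState}}' 2>/dev/null)" = "active" ]; then
    swarm_lifecycle
fi
```

Inside a service container an entrypoint would use the helper as `DB_PASSWORD=$(read_secret db_password)` for the duration of one command rather than exporting it, and `secret_is_readonly db_password || exit 1` as a startup sanity check that nothing has loosened the mount's permissions.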

HISTORY

Introduced in Docker 1.13.0 (2017) with SwarmKit for secure secret management, evolved in later releases with label support and drivers.

SEE ALSO

docker-service(1), docker-node(1), docker-config(1)
