LinuxCommandLibrary

docker-secret

Manage Docker secrets

TLDR

Create a new secret from stdin

$ [command] | docker secret create [secret_name] -

Create a new secret from a file
$ docker secret create [secret_name] [path/to/file]

List all secrets
$ docker secret ls

Display detailed information on one or more secrets in a human-friendly format
$ docker secret inspect --pretty [secret_name1 secret_name2 ...]

Remove one or more secrets
$ docker secret rm [secret_name1 secret_name2 ...]

SYNOPSIS

docker-secret ACTION [SECRET_NAME] [OPTIONS]

Examples of common actions and their hypothetical usage:
docker-secret create my_secret --file ./secret.txt
docker-secret create db_password --value "secure_password"
docker-secret ls
docker-secret rm my_secret

PARAMETERS

ACTION
    The operation to perform. Common actions include create (to add a new secret), remove or rm (to delete a secret), list or ls (to view existing secrets), and potentially get or inspect (to retrieve or view details of a secret).

SECRET_NAME
    The name of the Docker secret to create, remove, or inspect. This name is used by Docker services to access the secret.

--file <path>
    Specifies a file from which to read the secret content. This is common for creating secrets from existing configuration files or sensitive data.

--value <string>
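    Provides the secret content directly as a string argument. Useful for small, inline secrets or programmatically generated values. Note that a value passed as an argument is recorded in shell history and is visible in process listings while the command runs; --file avoids this.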

--label <key=value>
    Adds metadata labels to the secret, similar to Docker's native labeling capabilities. These labels can be used for organization or filtering.

--force
    Forces an action, such as the removal of a secret, without requiring confirmation.

DESCRIPTION

docker-secret typically refers to a custom script or a utility designed to simplify and automate the creation, management, and consumption of Docker secrets.

docker-secret is not a standard, officially distributed command in the Docker CLI suite. It is a common pattern, or a third-party tool developed by the community, that fills gaps in existing Docker workflows, especially local development with docker-compose and automated secret provisioning in CI/CD pipelines.

While Docker provides native commands like docker secret create and docker secret ls for managing secrets within a Swarm environment, a docker-secret utility often aims to provide a more convenient wrapper. It might automate tasks such as generating secrets from environment variables or files, making them easily consumable by Docker services, or integrating with `.env` files to provision secrets for local development stacks.

CAVEATS

docker-secret is not a standard Docker command; its availability and specific functionality depend entirely on whether a custom script or third-party utility with this name has been installed or created on the system.

Its behavior can vary widely between different implementations. Users should always verify the source and functionality of any `docker-secret` script before use, especially concerning sensitive data.

For official Docker secret management, refer to the `docker secret` subcommands, which require Docker Swarm mode to be enabled.

COMMON USE CASES

  • Local Development with docker-compose: Automating the provisioning of secrets from local files (e.g., `.env` files) into Docker secrets, making them accessible to services defined in `docker-compose.yml` without manual intervention.
  • Secret Generation: Generating strong, random passwords or API keys and injecting them as Docker secrets.
  • Automated Deployment: Integrating secret creation and management into CI/CD pipelines to ensure sensitive data is securely handled during application deployment.

SECURITY CONSIDERATIONS

When using any `docker-secret` utility, it's crucial to understand how it handles sensitive data. Ensure that secrets are not exposed in logs, environment variables, or version control. Always use secure methods for storing and transmitting secrets, and verify the integrity of the utility itself.
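
The following sketch is an added example, not code from any existing docker-secret tool: a POSIX shell function that provisions Swarm secrets from a `.env`-style file while keeping the values out of argument lists and log output. The function name env_to_secrets, the name prefix and the key rule are assumptions of this example; the only Docker call it makes is the native docker secret create NAME - form shown in the TLDR.

```shell
#!/bin/sh
# Added example: create one Swarm secret per KEY=VALUE line of a .env-style file.
# env_to_secrets FILE [PREFIX]   (hypothetical helper, not part of Docker)
# Secret name = PREFIX + lower-cased KEY. Exit status: 0 all lines provisioned,
# 1 some line skipped or failed, 2 file unreadable.
env_to_secrets() (   # subshell body keeps the variables out of the caller
    file=$1; prefix=${2:-}; rc=0; n=0
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    cr=$(printf '\r')
    while IFS= read -r line || [ -n "$line" ]; do   # also take a last line with no newline
        n=$((n + 1))
        line=${line%"$cr"}                          # tolerate CRLF files
        case $line in ''|'#'*) continue ;; esac     # blank line or comment
        key=${line%%=*}; value=${line#*=}
        # Strip one pair of surrounding double quotes, as .env files often use.
        case $value in \"*\") value=${value#\"}; value=${value%\"} ;; esac
        # Conservative key rule chosen for this example: letters, digits, "_".
        case $key in
            "$line"|''|*[!A-Za-z0-9_]*)
                echo "line $n: not KEY=VALUE, skipped" >&2; rc=1; continue ;;
        esac
        # An empty secret is almost always a provisioning mistake.
        [ -n "$value" ] || { echo "line $n: $key is empty, skipped" >&2; rc=1; continue; }
        name=$prefix$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        # printf is a shell builtin, so the value travels down a pipe and never
        # appears in a process argument list; '%s' adds no trailing newline.
        if printf '%s' "$value" | docker secret create "$name" - >/dev/null; then
            echo "created $name"                    # log the name, never the value
        else
            echo "line $n: create failed for $name" >&2; rc=1
        fi
    done < "$file"
    return "$rc"
)
```

Outside Swarm mode docker secret create fails, which the function reports per line and reflects in its exit status.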

HISTORY

The need for `docker-secret`-like utilities arose as Docker's native secret management (introduced with Docker Swarm) was initially focused on Swarm mode, leaving a gap for simpler, more direct secret handling in single-host deployments or during local development with `docker-compose`. Developers often created their own scripts to automate the creation of secrets from `.env` files or local paths, leading to the conceptual emergence of a 'docker-secret' utility that wraps or complements the official Docker CLI commands for ease of use in specific workflows.

SEE ALSO

docker secret(1), docker-compose(1), openssl(1), base64(1)
