Procedure for working with passwords in Docker AWS
Rather than including passwords (e.g. for connecting to PostgreSQL) in the docker config, we're using AWS secrets to inject environment variables into the docker containers when they are built.
Prerequisites:
- The role you're running aws-cli as needs the AWS "putparameter" permission (ssm:PutParameter) for each secret you want to create
Then run the following:
    aws ssm put-parameter --name [thenameofthesecret] --value [thevalueofthesecret] --type "SecureString"

e.g. to set the PostgreSQL password for the superuser:

    aws ssm put-parameter --name "postgres-su-password" --value "imapasswordchangeme" --type "SecureString"

In the ecs-params.yml file, for the containers or services that will use this secret, add the following:

    # in a full ecs-params.yml this block sits under task_definition:
    services:
      servicename:
        ...
        secrets:
          - value_from: [thenameofthesecret]
            name: [ENVVARIABLE]

Then in the docker-compose file (probably but not necessarily docker-compose.yml), where you might previously have had the following:

    services:
      servicename:
        ...
        environment:
          ENVVARIABLE: imapasswordchangeme
          OTHERENVVARIABLE: notasecret

You no longer need to declare ENVVARIABLE at all, e.g.:

    services:
      servicename:
        ...
        environment:
          OTHERENVVARIABLE: notasecret
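
To check that the last step was actually done, the following added example (not part of the original procedure) reports every variable that ecs-params.yml injects as a secret but that is still set under environment in the compose file for the same service. It is a line-based scan for the simple layouts shown above, not a full YAML parser; the function names and the sample file contents are constructed for illustration.

```python
import re

def section_names(yaml_text, section):
    """Map service -> set of variable names declared under `section`."""
    pattern = (r"^(?:-\s*)?name:\s*['\"]?(\w+)" if section == "secrets"
               else r"^(?:-\s*)?['\"]?(\w+)['\"]?\s*[:=]")
    found, stack = {}, []  # stack holds (indent, key) of the open mappings
    for raw in yaml_text.splitlines():
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        # A "- item" counts as nested one level below the key that owns it.
        indent = len(raw) - len(raw.lstrip()) + (2 if text.startswith("-") else 0)
        while stack and stack[-1][0] >= indent:
            stack.pop()
        keys = [k for _, k in stack]
        if len(keys) >= 3 and keys[-1] == section and keys[-3] == "services":
            m = re.match(pattern, text)
            if m:
                found.setdefault(keys[-2], set()).add(m.group(1))
        elif re.match(r"^[\w.-]+:\s*(#.*)?$", text):
            stack.append((indent, text.split(":")[0]))
    return found

def hardcoded_secrets(ecs_params_text, compose_text):
    """Return {service: [names]} still set in compose although injected as secrets."""
    secrets = section_names(ecs_params_text, "secrets")
    env = section_names(compose_text, "environment")
    return {svc: sorted(secrets[svc] & env[svc])
            for svc in secrets if svc in env and secrets[svc] & env[svc]}

# Constructed sample inputs, modelled on the snippets above.
ECS_PARAMS = """
services:
  servicename:
    secrets:
      - value_from: postgres-su-password
        name: ENVVARIABLE
"""
COMPOSE_BEFORE = """
services:
  servicename:
    environment:
      ENVVARIABLE: imapasswordchangeme
      OTHERENVVARIABLE: notasecret
"""
COMPOSE_AFTER = COMPOSE_BEFORE.replace("      ENVVARIABLE: imapasswordchangeme\n", "")

if __name__ == "__main__":
    print(hardcoded_secrets(ECS_PARAMS, COMPOSE_BEFORE))  # leftover password
    print(hardcoded_secrets(ECS_PARAMS, COMPOSE_AFTER))   # clean
```
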