.NET Core Configuration provider for Docker Secrets
Maps Docker secrets files to .NET Core configuration.
This package reads Docker secrets files and pulls their contents into the .NET Core configuration.
By default, Docker mounts secrets as files in the /run/secrets directory. The secret file names are used to identify the configuration targets.
About Docker Secrets
Docker secrets are part of the Docker swarm services. They are used to manage sensitive data that a container needs at runtime but that should not be stored in the container image or in source control. Read more about Docker secrets on the official Docker documentation pages.
Getting Started
Using the NuGet package manager, install the Mcrio.Configuration.Provider.Docker.Secrets package, or add the following lines to the .csproj file:
<ItemGroup>
    <PackageReference Include="Mcrio.Configuration.Provider.Docker.Secrets">
        <Version>1.0.0</Version>
    </PackageReference>
</ItemGroup>
Note: Replace the version value with the latest version available.
Usage
By default, all files within the directory /run/secrets are scanned and processed as configuration.
.NET Core configuration uses : as the section delimiter. As : cannot be used in file names, use __ wherever : is needed.
AddDockerSecrets() allows overriding the default values for the secrets directory path and the colon placeholder.
Often we want to process just specific secrets files. By setting allowed prefixes we can narrow down which files will be processed.
Simple usage
var configuration = new ConfigurationBuilder()
    .AddDockerSecrets()
    .Build();
var secretValue = configuration["mysecret"];
ASP.NET Core
// Program.cs
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .ConfigureAppConfiguration(configBuilder =>
        {
            configBuilder.AddDockerSecrets();
            // allow command line arguments to override docker secrets
            if (args != null)
            {
                configBuilder.AddCommandLine(args);
            }
        })
        .UseStartup<Startup>();
Only process files that start with a predefined prefix
configBuilder.AddDockerSecrets(
    allowedPrefixes: new List<string>
    {
        "ConfigSection1__",
        "Foo__Bar__Baz"
    }
);
Specify the name of an environment variable that holds a comma-delimited list of allowed prefixes
setenv MY_SECRETS_PREFIXES "ConfigSection1__,Foo__Bar__Baz"
configBuilder.AddDockerSecrets("MY_SECRETS_PREFIXES");
Docker compose example
# docker compose compatible file
services:
  myservice:
    environment:
      - MY_SECRETS_PREFIXES=ConfigSection1__,Foo__Bar__Baz
    secrets:
      - source: myservice_foobarbaz_dbpass
        target: Foo__Bar__Baz__DbPassword
secrets:
  myservice_foobarbaz_dbpass:
    external: true
    name: myservice_foobarbaz_dbpass_2019_12_30_1
// Program.cs
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .ConfigureAppConfiguration(configBuilder =>
        {
            configBuilder.AddDockerSecrets(
                allowedPrefixesEnvVariableName: "MY_SECRETS_PREFIXES"
            );
            // allow command line arguments to override docker secrets
            if (args != null)
            {
                configBuilder.AddCommandLine(args);
            }
        })
        .UseStartup<Startup>();
Release History
- 1.0.1
  - Stable version that reads secret values from mounted files and pulls those into the configuration. Optionally filters the files to process by defined allowed prefixes.
Meta
Nikola Josipovic
This project is licensed under the MIT License. See License.md for more information.