Can't use secrets from files with .secret extension in Docker compose? - Stack Overflow

admin管理员组

文章数量:1122832

I'm very new to Docker Compose.

Consider the following Docker Compose file for an Azure pipelines build agent:

name: build-agent

services:
  agent:
    image: myrepo/azure-devops-agents:1234
    network_mode: host
    restart: no
    environment:
      AZP_AGENT_NAME: dummy
      AZP_POOL: Default
      AZP_URL: 
      AZP_PROJECT: myproject
      RUN_COUNT: 1
      AZP_TOKEN_FILE: /run/secrets/token
    secrets:
      - token
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    deploy:
      resources:
        limits:
          cpus: '0.50'
          memory: '512M'
        reservations:
          cpus: '0.25'
          memory: '256M'

secrets:
  token:
    file: ./azure-devops-token.secret

When running docker-compose up it doesn't seem to find file azure-devops-token.secret, even though the file exists:

[+] Running 1/0
 ✔ Container build-agent-agent-1  Created0.0s 
agent-1  | cat: /run/secrets/token: Is a directory
agent-1  | An error occurred: MissingValueOptionError
agent-1  | Unrecognized command-line input arguments: ''. For usage refer to: .\config.cmd --help or ./config.sh --help
agent-1  | An error occurred: Not configured

Environment:

• WSL (Ubuntu 22.04.4)
• Client: Docker Engine v26.0.0
• Server: Docker Desktop v27.3.1
• Docker Compose v2.29.7-desktop.1

The weird thing is that everything works fine if I change the file extension to .txt or .secrets.

Is this a bug? I did search the documentation and I haven't found any mention to conventions regarding file extensions when using secrets. All examples I saw use the .txt extension, which I'd rather not use.

I'd prefer to use *.secret files instead for local development - these are configured in my .gitignore file, to prevent accidentally committing sensitive information to the repository.

本文标签： Can39t use secrets from files with secret extension in Docker composeStack Overflow