How to use variables from docker secret?

Hi,
In docker-compose, is it possible to implement a solucition like this?
using-docker-secrets-in-your-environment-variables
I wrote the scrit docker-entrypoint-env.sh:

#!/usr/bin/env bash
set -e
file_env() {
local var="1" local fileVar="{var}_FILE"
local def="${2:-}"

if [ “{!var:-}" ] && [ "{!fileVar:-}” ]; then
echo >&2 “error: both $var and $fileVar are set (but are exclusive)”
exit 1
fi
local val="def" if [ "{!var:-}" ]; then
val="{!var}" elif [ "{!fileVar:-}" ]; then
val="(< "{!fileVar}")"
fi
export “$var”="$val"
unset “$fileVar”
}

file_env “GRAYLOG_PASSWORD_SECRET”
file_env “GRAYLOG_ROOT_PASSWORD_SHA2”

/docker-entrypoint.sh

But I had no success
My compose file:

version: ‘3.3’

secrets:
GRAYLOG_PASSWORD_SECRET:
external: true
GRAYLOG_ROOT_PASSWORD_SHA2:
external: true
services:

graylog:
image: graylog/graylog:3.1
hostname: “{{.Service.Name}}”
secrets:
- GRAYLOG_PASSWORD_SECRET
- GRAYLOG_ROOT_PASSWORD_SHA2
volumes:
- gldata:/usr/share/graylog/data
- ./docker-entrypoint-env.sh:/docker-entrypoint-env.sh
environment:
- TZ=America/Recife
- GRAYLOG_HTTP_EXTERNAL_URI=http://meudominio:9001/
- GRAYLOG_ROOT_TIMEZONE=America/Recife
- GRAYLOG_ELASTICSEARCH_CLUSTER_NAME=es-cluster
- GRAYLOG_ALLOW_LEADING_WILDCARD_SEARCHES=true
- GRAYLOG_PASSWORD_SECRET_FILE=/run/secrets/GRAYLOG_PASSWORD_SECRET
- GRAYLOG_ROOT_PASSWORD_SHA2_FILE=/run/secrets/GRAYLOG_ROOT_PASSWORD_SHA2
depends_on:
- mongo
- elasticsearch
- elasticsearch2
- elasticsearch3
volumes:
- csi-gl-gldata:/usr/share/graylog/data
- ./docker-entrypoint-env.sh:/docker-entrypoint-env.sh

entrypoint:
- /docker-entrypoint-env.sh

In fact, file_env() is ok and set GRAYLOG_ROOT_PASSWORD_SHA2 and GRAYLOG_PASSWORD_SECRET, when a start my container, I check right values into it but in graylog.conf , root_password_sha2 is diferent.

I could find the same solution into :
https://github.com/Graylog2/graylog-docker/commit/880df8995b79bd71602c5291db49c74131fcd407

Branch secrets-2.4

But, it will be merged em 3.1 ou 3.2?

Currently it is not (yet) ready to run - you need to create your own image if you want to have that instand.

1 Like