terraform-provider-docker/website/docs/r/secret.html.markdown

---
layout: "docker"
page_title: "Docker: docker_secret"
sidebar_current: "docs-docker-resource-secret"
description: |-
  Manages the secrets of a Docker service in a swarm.
---

# docker\_secret

Manages the secrets of a Docker service in a swarm.

## Example Usage

### Basic

```hcl
# Creates a secret
resource "docker_secret" "foo_secret" {
  name = "foo_secret"
  data = "ewogICJzZXJsaasIfQo="
}
```

#### Update secret with no downtime
To update a `secret`, Terraform will destroy the existing resource and create a replacement. To effectively use a `docker_secret` resource with a `docker_service` resource, it's recommended to specify `create_before_destroy` in a `lifecycle` block. Provide a unique `name` attribute, for example
with one of the interpolation functions `uuid` or `timestamp` as shown
in the example below. The reason is [moby-35803](https://github.com/moby/moby/issues/35803).

```hcl
resource "docker_secret" "service_secret" {
  name = "${var.service_name}-secret-${replace(timestamp(),":", ".")}"
  data = "${base64encode(data.template_file.service_secret_tpl.rendered)}"

  lifecycle {
    ignore_changes = ["name"]
    create_before_destroy = true
  }
}
resource "docker_service" "service" {
   # ...
   secrets = [
    {
      secret_id   = "${docker_secret.service_secret.id}"
      secret_name = "${docker_secret.service_secret.name}"
      file_name   = "/root/configs/configs.json"
    },
  ]
}
```

## Argument Reference

The following arguments are supported:

* `name` - (Required, string) The name of the Docker secret.
* `data` - (Required, string) The base64 encoded data of the secret.


## Attributes Reference

The following attributes are exported in addition to the above configuration:

* `id` (string)
Feat/swarm 4 new resources (#40) Adds docker swarm features to the provider for the Docker Engine 17.09.1 and API Version 1.32. The spec is close to the API. By default, the swarm services are fire and forget. A converging config implements the features of the docker cli to ensure a service and all its replicas are up and running. Furthermore, service can have configs, secrets, networks, mounts and be added to a network. 2018-05-16 12:00:04 -04:00			`---`
			`layout: "docker"`
			`page_title: "Docker: docker_secret"`
			`sidebar_current: "docs-docker-resource-secret"`
			`description: \|-`
			`Manages the secrets of a Docker service in a swarm.`
			`---`

			`# docker\_secret`

			`Manages the secrets of a Docker service in a swarm.`

			`## Example Usage`

			`### Basic`

			```hcl
			`# Creates a secret`
			`resource "docker_secret" "foo_secret" {`
			`name = "foo_secret"`
			`data = "ewogICJzZXJsaasIfQo="`
			`}`
			```

			`#### Update secret with no downtime`
			To update a `secret`, Terraform will destroy the existing resource and create a replacement. To effectively use a `docker_secret` resource with a `docker_service` resource, it's recommended to specify `create_before_destroy` in a `lifecycle` block. Provide a unique `name` attribute, for example
			with one of the interpolation functions `uuid` or `timestamp` as shown
			`in the example below. The reason is [moby-35803](https://github.com/moby/moby/issues/35803).`

			```hcl
			`resource "docker_secret" "service_secret" {`
			`name = "${var.service_name}-secret-${replace(timestamp(),":", ".")}"`
			`data = "${base64encode(data.template_file.service_secret_tpl.rendered)}"`

			`lifecycle {`
			`ignore_changes = ["name"]`
			`create_before_destroy = true`
			`}`
			`}`
			`resource "docker_service" "service" {`
			`# ...`
			`secrets = [`
			`{`
			`secret_id = "${docker_secret.service_secret.id}"`
			`secret_name = "${docker_secret.service_secret.name}"`
			`file_name = "/root/configs/configs.json"`
			`},`
			`]`
			`}`
			```

			`## Argument Reference`

			`The following arguments are supported:`

			* `name` - (Required, string) The name of the Docker secret.
			* `data` - (Required, string) The base64 encoded data of the secret.


			`## Attributes Reference`

			`The following attributes are exported in addition to the above configuration:`

			* `id` (string)