---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "docker_secret Resource - terraform-provider-docker"
subcategory: ""
description: |-
  Manages the secrets of a Docker service in a swarm.
---

# docker_secret (Resource)

Manages the secrets of a Docker service in a swarm.

## Example Usage

### Basic

```terraform
resource "docker_secret" "foo" {
  name = "foo"
  data = base64encode("{\"foo\": \"s3cr3t\"}")
}
```

### Update secret with no downtime

To update a `secret`, Terraform will destroy the existing resource and create a replacement. To effectively use a `docker_secret` resource with a `docker_service` resource, it's recommended to specify `create_before_destroy` in a `lifecycle` block. Provide a unique `name` attribute, for example with one of the interpolation functions `uuid` or `timestamp` as shown in the example below. The reason is [moby-35803](https://github.com/moby/moby/issues/35803).

```terraform
resource "docker_secret" "service_secret" {
  # timestamp() makes the name unique for each newly created secret
  name = "${var.service_name}-secret-${replace(timestamp(), ":", ".")}"
  data = base64encode(
    templatefile("${path.cwd}/foo.secret.json.tpl",
      {
        secret = "s3cr3t"
      }
    )
  )

  lifecycle {
    # attribute references are unquoted in Terraform 0.12 and later
    ignore_changes        = [name]
    create_before_destroy = true
  }
}

resource "docker_service" "service" {
  # ...
  secrets = [
    {
      secret_id   = docker_secret.service_secret.id
      secret_name = docker_secret.service_secret.name
      file_name   = "/root/configs/configs.json"
    },
  ]
}
```

## Schema

### Required

- **data** (String, Sensitive) Base64-url-safe-encoded secret data
- **name** (String) User-defined name of the secret

### Optional

- **id** (String) The ID of this resource.
- **labels** (Block Set) User-defined key/value metadata (see [below for nested schema](#nestedblock--labels))

### Nested Schema for `labels`

Required:

- **label** (String) Name of the label
- **value** (String) Value of the label

## Import

Import is supported using the following syntax:

```shell
#!/bin/bash

# Docker secret cannot be imported as the secret data, once set, is never exposed again.
```
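
A variant of the examples under Example Usage, added here and not part of the provider's generated documentation: it passes the secret in through a sensitive input variable instead of a literal in the configuration, and makes the name unique with an explicit version number rather than `timestamp()`. The variable names `secret_value` and `secret_version` are assumptions; `service_name` is the variable the page's own example references.

```terraform
# Added example, not the provider's own documentation.
variable "service_name" {
  type = string
}

# Assumed name. Supply the value from outside the repository,
# for example through the TF_VAR_secret_value environment variable.
variable "secret_value" {
  type      = string
  sensitive = true # redacted in plan/apply output (Terraform 0.14+)
}

# Assumed name. Change it together with secret_value so the
# replacement secret is created under a new, unique name.
variable "secret_version" {
  type        = number
  description = "Rotation counter used to keep the secret name unique."
}

resource "docker_secret" "service_secret" {
  name = "${var.service_name}-secret-v${var.secret_version}"
  data = base64encode(jsonencode({ foo = var.secret_value }))

  lifecycle {
    # Create the new secret before the old one is destroyed,
    # as recommended in "Update secret with no downtime".
    create_before_destroy = true
  }
}
```

`sensitive = true` only hides the value in CLI output. The encoded `data` is still written to the Terraform state, so access to the state backend needs to be restricted accordingly.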