mirror of
https://github.com/kreuzwerker/terraform-provider-docker.git
synced 2025-12-24 00:29:46 -05:00
* chore(ci): Update website-generation workflow * chore(docs): Apply new formatting. * chore: Add update go.mod and go.sum files.
| page_title | subcategory | description |
|---|---|---|
| Resource docker_secret - terraform-provider-docker | | Manages the secrets of a Docker service in a swarm. |
Resource (docker_secret)
Manages the secrets of a Docker service in a swarm.
Example Usage
Basic
```terraform
resource "docker_secret" "foo" {
  name = "foo"
  data = base64encode("{\"foo\": \"s3cr3t\"}")
}
```
Update secret with no downtime
To update a secret, Terraform will destroy the existing resource and create a replacement.
To effectively use a docker_secret resource with a docker_service resource,
it's recommended to specify create_before_destroy in a lifecycle block. Provide a unique name attribute, for example
with one of the interpolation functions uuid or timestamp as shown
in the example below. The reason is moby-35803.
```terraform
resource "docker_secret" "service_secret" {
  # The timestamp makes the name unique, so the replacement can be created
  # while the old secret still exists.
  name = "${var.service_name}-secret-${replace(timestamp(), ":", ".")}"
  data = base64encode(
    templatefile("${path.cwd}/foo.secret.json.tpl",
      {
        secret = "s3cr3t"
      }
    )
  )

  lifecycle {
    # Unquoted attribute reference; the quoted form ["name"] is deprecated.
    ignore_changes        = [name]
    create_before_destroy = true
  }
}

resource "docker_service" "service" {
  # ...
  secrets = [
    {
      secret_id   = docker_secret.service_secret.id
      secret_name = docker_secret.service_secret.name
      file_name   = "/root/configs/configs.json"
    },
  ]
}
```
Schema
Required
data (String, Sensitive) Base64-url-safe-encoded secret data
name (String) User-defined name of the secret
Optional
labels (Block Set) User-defined key/value metadata (see below for nested schema)
Read-Only
id (String) The ID of this resource.
Nested Schema for labels
Required:
label (String) Name of the label
value (String) Value of the label
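An added example, not taken from the provider's documentation, that puts the schema above to work: the secret value comes from a sensitive input variable instead of a literal in the configuration, and two `labels` blocks attach metadata. The variable name `db_password`, the resource name `db` and the label keys and values are assumptions.

```terraform
# Added example; variable, resource and label names are assumptions.
variable "db_password" {
  type      = string
  sensitive = true # redacted from plan/apply output (Terraform >= 0.14)
}

resource "docker_secret" "db" {
  # Unique name per creation so the replacement can coexist with the old secret.
  name = "db-password-${replace(timestamp(), ":", ".")}"

  # jsonencode builds the JSON document without hand-escaped quotes;
  # base64encode produces the encoding the data attribute requires.
  data = base64encode(jsonencode({ password = var.db_password }))

  # One labels block per key/value pair (Block Set in the schema).
  labels {
    label = "com.example.owner"
    value = "platform-team"
  }

  labels {
    label = "com.example.rotation"
    value = "manual"
  }

  lifecycle {
    ignore_changes        = [name]
    create_before_destroy = true
  }
}
```

Supply the value through the `TF_VAR_db_password` environment variable or a variables file kept out of version control. Terraform still records the secret data in its state, so the state backend needs the same access controls as the secret itself.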
Import
Import is supported using the following syntax:
```shell
#!/bin/bash
# Docker secret cannot be imported as the secret data, once set, is never exposed again.
```