mirror of
https://github.com/kreuzwerker/terraform-provider-docker.git
synced 2025-12-23 16:19:42 -05:00
eca96b960b
* Add network labels and options attachable, ingress and ipv6 * Add volume labels * Add secret labels * Updates documentation
1.8 KiB
1.8 KiB
| layout | page_title | sidebar_current | description |
|---|---|---|---|
| docker | Docker: docker_secret | docs-docker-resource-secret | Manages the secrets of a Docker service in a swarm. |
docker_secret
Manages the secrets of a Docker service in a swarm.
Example Usage
Basic
# Creates a secret
resource "docker_secret" "foo_secret" {
name = "foo_secret"
data = "ewogICJzZXJsaasIfQo="
}
Update secret with no downtime
To update a secret, Terraform will destroy the existing resource and create a replacement. To effectively use a docker_secret resource with a docker_service resource, it's recommended to specify create_before_destroy in a lifecycle block. Provide a unique name attribute, for example
with one of the interpolation functions uuid or timestamp as shown
in the example below. The reason is moby-35803.
resource "docker_secret" "service_secret" {
name = "${var.service_name}-secret-${replace(timestamp(),":", ".")}"
data = "${base64encode(data.template_file.service_secret_tpl.rendered)}"
lifecycle {
ignore_changes = ["name"]
create_before_destroy = true
}
}
resource "docker_service" "service" {
# ...
secrets = [
{
secret_id = "${docker_secret.service_secret.id}"
secret_name = "${docker_secret.service_secret.name}"
file_name = "/root/configs/configs.json"
},
]
}
Argument Reference
The following arguments are supported:
name- (Required, string) The name of the Docker secret.data- (Required, string) The base64 encoded data of the secret.labels- (Optional, map of string/string key/value pairs) User-defined key/value metadata.
Attributes Reference
The following attributes are exported in addition to the above configuration:
id(string)