mirror of
https://github.com/kreuzwerker/terraform-provider-docker.git
synced 2026-02-11 23:03:13 -05:00
2.1 KiB
| page_title | subcategory | description |
|---|---|---|
| docker_secret Resource - terraform-provider-docker | | Manages the secrets of a Docker service in a swarm. |
docker_secret (Resource)
Manages the secrets of a Docker service in a swarm.
Example Usage
```terraform
# Creates a secret
resource "docker_secret" "foo_secret" {
  name = "foo_secret"
  data = "ewogICJzZXJsaasIfQo="
}

# Update secret with no downtime
## To update a `secret`, Terraform will destroy the existing resource and create a replacement.
## To effectively use a `docker_secret` resource with a `docker_service` resource,
## it's recommended to specify `create_before_destroy` in a `lifecycle` block. Provide a unique `name` attribute, for example
## with one of the interpolation functions `uuid` or `timestamp` as shown
## in the example below. The reason is [moby-35803](https://github.com/moby/moby/issues/35803).
resource "docker_secret" "service_secret" {
  name = "${var.service_name}-secret-${replace(timestamp(), ":", ".")}"
  data = base64encode(data.template_file.service_secret_tpl.rendered)

  lifecycle {
    # Unquoted attribute reference; the quoted form is deprecated since Terraform 0.12.
    ignore_changes        = [name]
    create_before_destroy = true
  }
}

resource "docker_service" "service" {
  # ...
  secrets = [
    {
      secret_id   = docker_secret.service_secret.id
      secret_name = docker_secret.service_secret.name
      file_name   = "/root/configs/configs.json"
    },
  ]
}
```
Schema
Required
- data (String, Sensitive) Base64-url-safe-encoded secret data
- name (String) User-defined name of the secret
Optional
- id (String) The ID of this resource.
- labels (Block Set) (see below for nested schema)
Nested Schema for labels
Required:
- label (String) Name of the label
- value (String) Value of the label
Import
Import is supported using the following syntax:
```shell
#!/bin/bash
# Docker secret cannot be imported as the secret data, once set, is never exposed again.
```
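Docker never returns secret data after creation, but Terraform keeps the `data` attribute in its state file; the Sensitive flag only redacts it from CLI output. The audit below is an added example, not part of the provider documentation: it assumes the version 4 JSON state format, and the sample state and its placeholder value are constructed for illustration.

```python
import base64
import binascii
import hashlib
import json

# Constructed sample: a trimmed Terraform state (format version 4, assumed) with one
# docker_secret. The value is a made-up placeholder, not a real credential.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "docker_secret", "name": "service_secret",
         "instances": [{"attributes": {
             "name": "web-secret-2024-01-01T00.00.00Z",
             "data": base64.b64encode(b'{"token": "example-only"}').decode(),
         }}]},
        {"mode": "managed", "type": "docker_service", "name": "service",
         "instances": [{"attributes": {"name": "web"}}]},
    ],
})


def audit_docker_secrets(state_text):
    """Report each docker_secret in the state by length and SHA-256, never by value."""
    findings = []
    for res in json.loads(state_text).get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != "docker_secret":
            continue
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            encoded = attrs.get("data") or ""
            try:
                # Accepts both the standard and the URL-safe base64 alphabet.
                raw = base64.urlsafe_b64decode(encoded)
            except (binascii.Error, ValueError):
                raw = None  # attribute present but not valid base64
            findings.append({
                "address": f'docker_secret.{res.get("name")}',
                "secret_name": attrs.get("name"),
                "recoverable": bool(raw),  # True: plaintext can be rebuilt from state
                "length": len(raw) if raw else 0,
                "sha256": hashlib.sha256(raw).hexdigest() if raw else None,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_docker_secrets(SAMPLE_STATE):
        print(finding)
```

Any finding with `recoverable` set to true means the state file and its backend need the same access controls and encryption at rest as the secret itself.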