upstream/terraform-provider-docker
1
0
Fork 0
mirror of https://github.com/kreuzwerker/terraform-provider-docker.git synced 2025-12-26 17:49:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
terraform-provider-docker/docs/resources/secret.md
Martin 7e569e1813
chore(ci): Update website-generation workflow (#386) 
* chore(ci): Update website-generation workflow

* chore(docs): Apply new formatting.

* chore: Add update go.mod and go.sum files.
2022-06-17 12:09:59 +02:00

92 lines
No EOL
2.2 KiB
Markdown
Raw Blame History

---
# generated by https://github.com/hashicorp/terraform-plugin-docs
page_title: "Resource docker_secret - terraform-provider-docker"
subcategory: ""
description: |-
Manages the secrets of a Docker service in a swarm.
---
<!-- Bug: Type and Name are switched -->
# Resource (docker_secret)
Manages the secrets of a Docker service in a swarm.
## Example Usage
### Basic
```terraform
resource "docker_secret" "foo" {
name = "foo"
data = base64encode("{\"foo\": \"s3cr3t\"}")
}
```
### Update secret with no downtime
To update a `secret`, Terraform will destroy the existing resource and create a replacement.
To effectively use a `docker_secret` resource with a `docker_service` resource,
it's recommended to specify `create_before_destroy` in a `lifecycle` block. Provide a unique `name` attribute, for example
with one of the interpolation functions `uuid` or `timestamp` as shown
in the example below. The reason is [moby-35803](https://github.com/moby/moby/issues/35803).
```terraform
resource "docker_secret" "service_secret" {
name = "${var.service_name}-secret-${replace(timestamp(), ":", ".")}"
data = base64encode(
templatefile("${path.cwd}/foo.secret.json.tpl",
{
secret = "s3cr3t"
}
)
)
lifecycle {
ignore_changes = ["name"]
create_before_destroy = true
}
}
resource "docker_service" "service" {
# ...
secrets = [
{
secret_id = docker_secret.service_secret.id
secret_name = docker_secret.service_secret.name
file_name = "/root/configs/configs.json"
},
]
}
```
<!-- schema generated by tfplugindocs -->
## Schema
### Required
- `data` (String, Sensitive) Base64-url-safe-encoded secret data
- `name` (String) User-defined name of the secret
### Optional
- `labels` (Block Set) User-defined key/value metadata (see [below for nested schema](#nestedblock--labels))
### Read-Only
- `id` (String) The ID of this resource.
<a id="nestedblock--labels"></a>
### Nested Schema for `labels`
Required:
- `label` (String) Name of the label
- `value` (String) Value of the label
## Import
Import is supported using the following syntax:
```shell
#!/bin/bash
# Docker secret cannot be imported as the secret data, once set, is never exposed again.
```
Reference in a new issue View git blame Copy permalink