Support for secrets

[terafirmanz]

⚠️ Please verify that this feature request has NOT been suggested before.

• I checked and didn't find similar feature request

🏷️ Feature Request Type

UI Feature

🔖 Feature description

Just as .env file support is available specific support for secrets would be nice. I know it is possible to use the ENV feature but this is not best practise as passing secrets as environment variables is a security risk. This feature request is to add support for secrets as files.

✔️ Solution

A section in the UI for secrets that can be referenced in the compose file. The resulting secrets are then stored as separate dot files.

❓ Alternatives

No response

📝 Additional Context

An example of a project that makes good use of secrets and passing them as files to the container is Zabbix.
https://github.com/zabbix/zabbix-docker

[bverkron]

@terafirmanz I would also love to see some better secrets management vs the defacto environment variable method but can you add some clarity on what Zabbix is doing that you would like to see dockge do? I took a very brief look and I just see compose examples that use secrets files which the containerized application needs to support. Do you have another approach in mind?

[terafirmanz]

Not that I can think of, all the situations I use them for are where the container supports secret files as you mention. The only other thing I would find helpful is ENV file management and splitting that up but that's already part of another request.

[GeorgelPreput]

+1 for this request.

It's a bit annoying to have to start the stack, knowing it will fail, just so that the stack's folder is created. Then SSH into the Docker host machine, manually create a secrets folder within the stack's folder, then finally dump the secret files in there.

It's OK to do once when you spin up another stack, but becomes more cumbersome if you're rotating passwords, or testing new stacks often

[thiagoalcav]

Hello everyone, I was researching options to make .ENV files more secure and I saw the tool https://getsops.io/,.

Here is a video showing how to use it: https://www.youtube.com/watch?v=V2PRhxphH2w

I think that if there was a way to integrate Dockge with it, it would be very interesting and less effort than creating a whole secrets management and recovery process at startup time.

It would be enough to encrypt and decrypt the ENV on demand, which seems to me to be something simpler to implement and would actually solve the security issue due to possible leaks of the environment's .ENV files, since the file would always be encrypted by default, but decrypted when editing compose via Dockge.

[GuyFromMars365]

@louislam Is there any plans to incorporate docker secrets support? I was a bit surprised Dockge doesn't support this, as secrets are recommended by Docker for security reasons.

[florian101010]

+1 from me