Hello,
I’m a bit new to Rancher. I’ll try to explain my goal first. My app (written in js) contains a password that we pass in order to connect to the server. Currently, every time we want to run the app, we set an environment variable to contain this password and we read this information in runtime (by process.env.pass
). Now that we moved to docker, I want to make it more sophisticated. After reading about docker’s secrets I found out that I need to read it from /run/secrets/
, after creating one. The way we use rancher is by building the docker image, uploading to Harbor and creating a new workload in the Ranch UI.
At first, I tried to set the secret in an environment variable like so:
But for some reason I can’t find it in the list of the environment variables (What could be reason for that?)
After that, I tried to set a volume with that secret (It does not lead me to add another image as I’m a new user).
Now I can see the directory /run/secrets/pass
but it’s different from Docker secrets. In Docker, the /run/secrets/pass
is a file that I should read and get the secret but in Rancher, it’s a directory that contains pass
. Also for some reason I can’t read that file:
cat /run/secrets/pass/pass
cat: /run/secrets/pass/pass: Permission denied
To sum up:
- Why it didn’t show the secret in the envs?
- What would be the best way to set up a secret so it will be easy to read it with Rancher and without Rancher (with docker only)? By that I mean - minimal code support. I already added support so it will read a secret from
/run/secrets/
(it tries to read the file calledpass
). - Why it didn’t let me read the
/run/secrets/pass/pass
?
Thank you.