by TheFlyingFish 1797 days ago
I run Docker Swarm on my homelab, but I honestly wouldn't touch it for production because it's lacking features that I find critical and doesn't show any signs of developing them soon.

For example, Swarm secrets can only be exposed as files, not as environment variables. You can argue this is more secure because file permissions are more granular than env vars, but IMO that's a silly argument in a container context because containers are almost always single-user to begin with. Moreover, the vast majority of containerized applications expect their secrets in env vars, so you have to resort to fragile entry point wrappers if you want to make use of Swarm secrets.

1 comment
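The "entry point wrapper" the post refers to, written out as an added example (not code from the thread): Swarm mounts each secret as a file under /run/secrets/<name>, and this wrapper exports one environment variable per file before exec'ing the real command. SECRETS_DIR, the function names, and the naming rule are this example's own choices.

```shell
#!/bin/sh
# Added illustration, not code from the thread: an entrypoint wrapper that
# turns Swarm's file-based secrets into environment variables. Swarm mounts
# each secret as a file at /run/secrets/<name>; the wrapper exports one
# variable per file and then execs the real command. SECRETS_DIR is
# overridable so the functions can be exercised against a constructed
# directory without a running Swarm.

SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"

# secret_name_to_env NAME -> a legal variable name: upper-cased, anything
# outside [A-Z0-9_] replaced by '_', a leading digit prefixed with '_'.
secret_name_to_env() {
    n=$(printf '%s' "$1" | LC_ALL=C tr '[:lower:]' '[:upper:]' | LC_ALL=C tr -c 'A-Z0-9_' '_')
    case "$n" in [0-9]*) n="_$n" ;; esac
    printf '%s' "$n"
}

# load_secrets_from_dir DIR -> exports every regular file in DIR as a
# variable named after the file. Variables the operator already set win,
# so a deploy can still override a secret explicitly. Command substitution
# strips trailing newlines, which is what you want for values created with
# `printf 'x\n' | docker secret create ...`; internal newlines (PEM keys)
# survive.
load_secrets_from_dir() {
    dir="$1"
    [ -d "$dir" ] || return 0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(secret_name_to_env "$(basename "$f")")
        if eval "[ -n \"\${$name+set}\" ]"; then
            continue
        fi
        value=$(cat "$f")
        export "$name=$value"
    done
}

# As a container entrypoint: load, then hand off with exec so the
# application stays PID 1 and receives signals directly.
if [ "$#" -gt 0 ]; then
    load_secrets_from_dir "$SECRETS_DIR"
    exec "$@"
fi
```

Install it as `ENTRYPOINT ["/entrypoint.sh"]` in front of the image's original command. The fragility the post mentions is real: the wrapper only helps if the image's entrypoint can be wrapped, file names must map cleanly onto variable names, and the values now sit in the process environment, where every child process inherits them and anything running as the container user can read them from /proc/<pid>/environ. That is the granularity trade-off the post is weighing, so keep the wrapper minimal and avoid exporting secrets the application does not need.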

Honestly the biggest failure of Swarm secrets is the inability to change them while things are using them.

Automating secret usage across containers that are deployed via Ansible scripts gets annoying in that situation.
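Since a Swarm secret cannot be modified while a service references it, the usual workaround is to create a new, versioned secret and swap it into the service under the same in-container target path. The following added example (not code from the thread) computes the next version and emits the swap as a plan; DOCKER, the `_v<N>` naming convention, and the assumption that the service currently holds the previous version are this example's own choices.

```shell
#!/bin/sh
# Added illustration of working around immutable Swarm secrets; not code
# from the thread. Swarm will not update a secret in place while a service
# references it, so the pattern is: create BASE_v<N+1>, attach it to the
# service under the unversioned target path the application already reads,
# let the rolling update converge, then remove BASE_v<N>. DOCKER is
# overridable so the plan can be exercised without a Swarm.

DOCKER="${DOCKER:-docker}"

# next_secret_version BASE "NAME NAME ..." -> the next free version number
# for secrets named BASE_v<N>; 1 when none exist yet.
next_secret_version() {
    base="$1"
    max=0
    for n in $2; do
        case "$n" in
            "${base}_v"*)
                v="${n#"${base}_v"}"
                case "$v" in ''|*[!0-9]*) continue ;; esac   # ignore odd names
                [ "$v" -gt "$max" ] && max="$v"
                ;;
        esac
    done
    echo $((max + 1))
}

# rotation_plan BASE SERVICE SECRET_FILE "EXISTING NAMES" -> prints the
# docker commands, one per line. Assumes the service currently holds
# BASE_v<N-1> exposed as /run/secrets/BASE (an assumption of this example).
rotation_plan() {
    base="$1"; service="$2"; file="$3"; existing="$4"
    v=$(next_secret_version "$base" "$existing")
    new="${base}_v${v}"
    printf '%s secret create %s %s\n' "$DOCKER" "$new" "$file"
    if [ "$v" -gt 1 ]; then
        old="${base}_v$((v - 1))"
        # --secret-rm and --secret-add in one update means one rolling
        # restart; target= keeps the file path the application reads.
        printf '%s service update --secret-rm %s --secret-add source=%s,target=%s %s\n' \
            "$DOCKER" "$old" "$new" "$base" "$service"
        # Removing the old secret only succeeds once no task references it.
        printf '%s secret rm %s\n' "$DOCKER" "$old"
    else
        printf '%s service update --secret-add source=%s,target=%s %s\n' \
            "$DOCKER" "$new" "$base" "$service"
    fi
}

# rotate_secret BASE SERVICE SECRET_FILE -> runs the plan against the live
# Swarm; set DRY_RUN=1 to only print it. SECRET_FILE may be '-' for stdin.
rotate_secret() {
    existing=$("$DOCKER" secret ls --format '{{.Name}}')
    plan=$(rotation_plan "$1" "$2" "$3" "$existing")
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$plan"
    else
        printf '%s\n' "$plan" | sh -e
    fi
}
```

`docker service update` waits for the rollout to converge before returning (unless `--detach` is given), which is why `docker secret rm` of the old version is safe to run last; if any task still references it the removal fails and `sh -e` stops the plan rather than leaving the service half-rotated. In an Ansible-driven deploy this is the piece that has to be orchestrated explicitly, since the playbook cannot simply rewrite the secret's value.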