Hacker News
by kaperskyguru 1075 days ago
Thank you very much for taking your time to review the article.

Some of the things you listed as things I didn't touch on in the article are true. I didn't cover those.

But this article is for beginners and I also indicated that there's advanced content coming up on it.

For example, when I mentioned Volumes in Chapter 4, I added this "We haven’t discussed Docker Volumes in this guide but you can visit the Docker Content Hub for more advanced topics like Volumes."

To let readers know that there's an advanced topic that covers other concepts.

I even indicated it at the beginning of chapter 4 "Let me know in the comments section. I will share it with you."

Talking about common pitfalls for exposing ports, I didn't go in depth into PORTS because that knowledge will be too overwhelming at that point. At least, you should know how to dockerize an application before trying to secure it.

I have Advanced Docker content coming up that covers Docker Security; that's where your feedback will be very helpful, which I appreciate by the way.

Lastly, I never encourage storing secrets openly and committing them to git. That is a bad practice in software engineering.

In development, we all store our secrets in an .env file (if you use JavaScript); that is the standard, but when deploying or in production, you move your secrets to somewhere safe.

So that's the same concept for the article: while building your dockerized app in development, I created the common.env file to hold the secrets in my development. During production, it will be secured according to standards and best practices.

That I may not have indicated it like this doesn't mean I'm encouraging the wrong thing. Besides, for a developer to consider learning and using Docker, the developer must have been developing and deploying apps for a while and should know the best practices with SECRETS.

Next time, I will consider indicating it, thanks to your feedback.

1 comments

I took issue with the post primarily because it's misrepresented as "A definitive guide [...]" which sets high expectations in terms of depth and quality of information. It's not even close to living up to those expectations, but I wouldn't have any problem with it had the post been more truthfully titled as "Beginners guide to Docker in 2023" or similar.