I would like to use Example 3 from https://docs.docker.com/compose/compose-file/09-secrets/#example-3.
My docker-compose file has grafana service:
grafana:
image: grafana/grafana-oss:10.2.0-ubuntu
environment:
GF_USERS_HOME_PAGE: /dashboards/f/1/
GF_SECURITY_ADMIN_PASSWORD: /run/secrets/grafana_password
secrets:
- grafana_password
secrets:
grafana_password:
external: true
name: "${GRAFANA_PASSWORD:?err}"
I tried to set GRAFANA_PASSWORD first and then ran docker-compose file.GRAFANA_PASSWORD= bike docker-compose up -d.
However it does not let me login with bike password. Please brief me with docker secrets using name. And how to use it with GF_SECURITY_ADMIN_PASSWORD.
Thank you.
Thanks but I have already checked it. It does not give clear idea on how to use example 3 from Secrets top-level element | Docker Docs in the docker-compose file I have mentioned earlier.
OK, try to run container manually and debug what and how it is processed in run.sh:
# Convert all environment variables with names ending in __FILE into the content of
# the file that they point at and use the name without the trailing __FILE.
# This can be used to carry in Docker secrets.
for VAR_NAME in $(env | grep '^GF_[^=]\+__FILE=.\+' | sed -r "s/([^=]*)__FILE=.*/\1/g"); do
VAR_NAME_FILE="$VAR_NAME"__FILE
if [ "${!VAR_NAME}" ]; then
echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)"
exit 1
fi
echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}"
export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")"
unset "$VAR_NAME_FILE"
done
export HOME="$GF_PATHS_HOME"
if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then
OLDIFS=$IFS
IFS=','
for plugin in ${GF_INSTALL_PLUGINS}; do
IFS=$OLDIFS
Eventually, modify run.sh to be able to use also this kind of secret and overwrite default run.sh
You also don’t follow Grafana doc: GF_SECURITY_ADMIN_PASSWORD__FILE (doc) vs GF_SECURITY_ADMIN_PASSWORD (you)
