How to pass Chef data bag secret to a docker container?

I have already created a databag item which exists on the Chef server.
Now, I am trying to pass on that databag item secret value to a docker container.

I am creating the data bag as follows:

    knife data bag create bag_secrets bag_masterkey --secret-file C:\path\data_bag_secret

I am retrieving the value of that databag item in a Chef recipe as follows:

    secret = Chef::EncryptedDataBagItem.load_secret("#{node['secret']}")
    masterkey = Chef::EncryptedDataBagItem.load("databag_secrets", "databag_masterkey", secret)

What logic do I need to add to pass on the data bag secret to a docker container?

One solution collected from the web for “How to pass Chef data bag secret to a docker container?”

I’ve said this like twice on different questions: DO NOT USE ENCRYPTED DATABAGS LIKE THIS, IT IS NOT SAFE.

I think you fundamentally misunderstand the security model of encrypted bags; they exist only to allow for data where the Chef Server cannot read it. The cost is you must manage key distribution. For Docker this would probably be via sidecar containers or data volumes, but running chef-client inside a container is relatively rare, so you’ll have to sort that out yourself. I would recommend working with a security/infosec engineer at your company to figure out the right security model for your usage.
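
The trade-off the answer describes, as an added Ruby sketch that is not from the original post and is not Chef's own code: the stored item is only ciphertext, so whichever process decrypts it must be handed the shared secret, here read from a file mounted into the container. The function names, the `v` wrapper key and the AES-256-GCM layout are assumptions that form a simplified model of an encrypted data bag item.

```ruby
require 'openssl'
require 'json'

# Simplified model (assumption): the AES key is the SHA-256 digest of the
# shared secret file's contents.
def derive_key(secret)
  OpenSSL::Digest::SHA256.digest(secret.strip)
end

# What the server side would store: ciphertext, IV and auth tag only.
def encrypt_value(value, secret)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = derive_key(secret)
  iv = cipher.random_iv
  data = cipher.update(JSON.generate({ 'v' => value })) + cipher.final
  { 'encrypted_data' => [data].pack('m0'),
    'iv' => [iv].pack('m0'),
    'auth_tag' => [cipher.auth_tag].pack('m0') }
end

# What the consumer does: fails with OpenSSL::Cipher::CipherError if the
# secret is wrong or the stored item was modified.
def decrypt_value(item, secret)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = derive_key(secret)
  cipher.iv = item['iv'].unpack1('m0')
  cipher.auth_tag = item['auth_tag'].unpack1('m0')
  plain = cipher.update(item['encrypted_data'].unpack1('m0')) + cipher.final
  JSON.parse(plain)['v']
end

# Read the shared secret from a file mounted into the container (for example
# a read-only data volume), refusing files that group or other can access.
def load_mounted_secret(path)
  mode = File.stat(path).mode & 0o777
  unless (mode & 0o077).zero?
    raise SecurityError, format('%s has mode %o, expected 0400 or 0600', path, mode)
  end
  File.read(path)
end
```

Keeping the secret in a mounted file rather than in an image layer or an environment variable keeps it out of `docker history` and `docker inspect` output.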
