How to pass Chef data bag secret to a docker container?

I have already created a databag item which is existing on the chef server.
Now, I am trying to pass on that databag item secret value to a docker container.

I am creating the data bag as follows:

  • Disable docker container log configuration in Chef
  • creating a file inside /etc/apt/sources.list.d/
  • knife container workflow clarification
  • Chef and Docker
  • Does Docker reduce or mitigate the need for Puppet/Chef et al?
  • Octohost with knife solo on bare metal? (UserError: Vagrant not installed)
  • knife data bag create bag_secrets bag_masterkey --secret-file C:\path\data_bag_secret
    

    I am retrieving value of that databag item in Chef recipe as follows:

    secret = Chef::EncryptedDataBagItem.load_secret("#{node['secret']}")
    masterkey = Chef::EncryptedDataBagItem.load("databag_secrets", "databag_masterkey", secret)
    

    What logic do i need to add to pass on the data bag secret to a docker container?

  • docker-compose startup error cannot import name _thread
  • I can't run rails console with Docker and Passenger/nginx image
  • Zookeeper my ID not in the peer list
  • Adding new containers to existing cluster (sworm)
  • What is the reason behind openshift error invalid ImageStreamTag?
  • Unable to find image 'xxxx' locally
  • One Solution collect form web for “How to pass Chef data bag secret to a docker container?”

    I’ve said this like twice on different questions: DO NOT USE ENCRYPTED DATABAGS LIKE THIS IT IS NOT SAFE.

    I think you fundamentally misunderstand the security model of encrypted bags, they exist only to allow for data where the Chef Server cannot read it. The cost is you must manage key distribution. For Docker this would probably be via sidecar containers or data volumes but running chef-client inside a container is relatively rare so you’ll have to sort that out yourself. I would recommend working with a security/infosec engineer at your company to figure out the right security model for your usage.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.