Should I use user-secrets or environment variables with docker

When using docker with asp.net core for development, should I use user-secrets or environment variables? I am using the default docker file that Visual Studio 2017 creates when adding a project, which uses microsoft/aspnetcore:1.1 and I believe is a linux image.

How do I set the user-secrets/environment variables in docker so they are set when it launches, but aren’t included in the source code?

  • .Net Core with Docker on EC2 tutorial problems
  • dotnet aspnetcore docker build fails with a 145 error code
  • MySQL -> .NET Core Dependency error (MySql.Data)
  • Error while publising to docker on Azure from Visual Studio 2015
  • Can't connect to ASP.NET core through docker
  • kpm restore unable to find System.Net.Http
  • SSL handshake failure with node.js https
  • Docker installation on OpenSUSE 13.1
  • Docker runtime metrics in boot2docker
  • sh on docker: syntax error: unexpected end of file (expecting “then”)
  • Can't figure out how I have to build my Docker architecture
  • How to make docker-compose volumes work on Hyper-V?
  • 3 Solutions collect form web for “Should I use user-secrets or environment variables with docker”

    Environment vars are better – https://12factor.net/config

    If you run docker using docker run use -e or --env-file option:
    https://docs.docker.com/engine/reference/run/#env-environment-variables

    If you run docker using docker-compose use environment or env_file key:
    https://docs.docker.com/compose/environment-variables/

    For the production purpose, you need to use environment variables, not use-secrets. Secrets exist ONLY for safe storage during development by helping prevent sensitive data from being storing in code / checked into source control:

    The Secret Manager tool does not encrypt the stored secrets and should not be treated as a trusted store. It is for development purposes only. The keys and values are stored in a JSON configuration file in the user profile directory.


    As alternative to environment variables you may consider using “external” key-value storages, like Consul, Vault, etc.


    Regarding environment variables in docker, SO already has related questions/answers. See How to pass environment variables to docker containers? as example.

    Instead of using user-secrets or environment variables, I decided to add another appsettings file called appsettings.secrets.json. And then in the constructor add the file like the other appsettings files:

     var builder = new ConfigurationBuilder()
                .SetBasePath(env.ContentRootPath)
                .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
                .AddJsonFile("appsettings.secrets.json", optional: true, reloadOnChange: true)
                .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)
                .AddEnvironmentVariables();
    

    Just be sure to add the appsettings.secrets.json to the .gitignore file so it isn’t added to source control. User-secrets and environment variables can still be used.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.