Should I use user-secrets or environment variables with docker

When using Docker with ASP.NET Core for development, should I use user-secrets or environment variables? I am using the default Dockerfile that Visual Studio 2017 creates when adding a project, which uses microsoft/aspnetcore:1.1 and I believe is a Linux image.

How do I set the user-secrets/environment variables in docker so they are set when it launches, but aren’t included in the source code?

3 solutions collected from the web for “Should I use user-secrets or environment variables with docker”

    Environment vars are better – https://12factor.net/config

    If you run docker using docker run, use the -e or --env-file option:
    https://docs.docker.com/engine/reference/run/#env-environment-variables

    If you run docker using docker-compose, use the environment or env_file key:
    https://docs.docker.com/compose/environment-variables/
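An added example, not part of the answers on this page: a pre-flight check for the file passed to docker run --env-file, covering owner-only permissions, variable names ASP.NET Core can bind, and a .gitignore entry. The file name secrets.env, the image name myapp:dev and the sample keys are assumptions.

```shell
#!/bin/sh
# Added example. secrets.env, myapp:dev and the keys shown are assumptions.

# True when only the file's owner has any permission on it (e.g. mode 600).
env_file_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# True when every non-comment line is NAME=value with a shell-safe NAME.
# ASP.NET Core reads "__" in a variable name as the ':' section separator,
# so ConnectionStrings__Default binds to ConnectionStrings:Default.
env_keys_are_portable() {
    bad=$(grep -Ev '^[[:space:]]*(#|$)' "$1" |
          grep -Ev '^[A-Za-z_][A-Za-z0-9_]*=' || true)
    [ -z "$bad" ]
}

# True when the file name appears as an exact line in the given .gitignore.
# (Exact-line match only; glob patterns in .gitignore are not evaluated.)
is_git_ignored() {
    [ -f "$2" ] && grep -Fxq "$(basename "$1")" "$2"
}

# Run all checks; report the first failure on stderr and return non-zero.
preflight() {
    env_file_is_private "$1"   || { echo "$1: missing or readable by group/other" >&2; return 1; }
    env_keys_are_portable "$1" || { echo "$1: key is not NAME=value (use __ instead of :)" >&2; return 2; }
    is_git_ignored "$1" "$2"   || { echo "$1: not listed in $2" >&2; return 3; }
}

# Start the container only if the env file passes the checks.
# Arguments: env file, .gitignore path, image name.
run_container() {
    preflight "$1" "$2" && docker run --rm --env-file "$1" "$3"
}

# Constructed sample: build a throwaway env file and check it (docker is not invoked).
demo_dir=$(mktemp -d)
umask 077
printf '%s\n' '# constructed sample values' \
    'ASPNETCORE_ENVIRONMENT=Development' \
    'ConnectionStrings__Default=Server=db;Database=app;Password=example' \
    > "$demo_dir/secrets.env"
printf 'secrets.env\n' > "$demo_dir/.gitignore"
preflight "$demo_dir/secrets.env" "$demo_dir/.gitignore" && echo "preflight ok"
```

For a real project, call run_container secrets.env .gitignore myapp:dev from the repository root.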

    For production purposes, you need to use environment variables, not user-secrets. Secrets exist ONLY for safe storage during development by helping prevent sensitive data from being stored in code / checked into source control:

    The Secret Manager tool does not encrypt the stored secrets and should not be treated as a trusted store. It is for development purposes only. The keys and values are stored in a JSON configuration file in the user profile directory.


    As an alternative to environment variables you may consider using “external” key-value stores, like Consul, Vault, etc.

    Regarding environment variables in docker, SO already has related questions/answers. See “How to pass environment variables to docker containers?” as an example.

    Instead of using user-secrets or environment variables, I decided to add another appsettings file called appsettings.secrets.json. And then in the constructor add the file like the other appsettings files:

        // Later sources override earlier ones, so environment variables win over the JSON files.
        var builder = new ConfigurationBuilder()
            .SetBasePath(env.ContentRootPath)
            .AddJsonFile("appsettings.json", optional: true, reloadOnChange: true)
            // Local secrets file; kept out of source control via .gitignore.
            .AddJsonFile("appsettings.secrets.json", optional: true, reloadOnChange: true)
            .AddJsonFile($"appsettings.{env.EnvironmentName}.json", optional: true)
            .AddEnvironmentVariables();
    

    Just be sure to add the appsettings.secrets.json to the .gitignore file so it isn’t added to source control. User-secrets and environment variables can still be used.
