TransWikia.com

How do I share secret key files with Docker containers following 12 Factor App?

Information Security Asked by flexi on October 28, 2021

I am building an API and trying to follow the 12 Factor App methodology. Using Docker, the methodology says containers must be disposable.

Assuming the API will have high traffic, multiple docker containers will be running with the same app, connecting to the same database.

Certain fields in the database are encrypted and stored with a reference to the file containing the passphrase. – This is done so the passphrase can be updated, and old data can still be decrypted.

With a Docker container and following 12 Factor App, how should I provide the key files to each of the containers?

Am I correct in assuming I would need a separate server to handle the creating of new key files and distributing them over the network?

Is there secure software, protocols or services that do this already, or would I need a custom solution?

Update

I have read that Vault by HashiCorp or Kubernetes can handle secret sharing between containers however, I am not sure if that will work for me, as I need an automated task to create a new passphrase file, and then distribute it to the containers.

One Answer

12 factor says that the config needs to be stored in the environment. So why not simply pass the secrets to the container over environment variables? If there are many, pass a master key to a key store that is lying on a volume mounted at start.

Answered by Marek Puchalski on October 28, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP