I am using Docker Swarm to deploy Drone. Swarm forces users to inject secrets as files on the file system, into /run/secrets/mycoolsecret, for example, and then some images publishers support a _FILE postfix for their environment variables so as to support Swarm users.
also, some more background, we use a library to read environment files into Go structures. I formally requested them to support the _FILE convention however they did not seem interested. It would certainly help if people voted on / commented on the issue to try and convince them:
may I ask for some update on this issue? The linked solutions by @bradrydzewski seem outdated (404).
What’s the current recommended way to use Docker secrets instead of hardcoded (unsafe) tokens in a docker-compose file to run Drone?
My Docker secrets are working fine, but I can’t find a way to start Drone using them, only complicated workarounds with custom container entry scripts to manually read Docker secrets and then manually create the required ENV vars.
Am I right that it’s something still not officially implemented by Drone? Should I open a Feature Request? I don’t want to store my tokens in a file on my VPS.