Docker Secrets

Let’s learn how Docker makes secrets available to apps in a secure way.

We'll cover the following

Many applications need secrets; things as passwords, TLS certificates, SSH keys, and more.


Early versions of Docker had no standardized way of making secrets available to apps in a secure way. It was common for developers to insert secrets into apps via plain text environment variables (we’ve all done it). This was far from ideal.

Docker 1.13 introduced Docker Secrets as first-class objects in the Docker API.

Behind the scenes

Behind the scenes, secrets are encrypted at rest, encrypted in-flight, mounted in containers to in-memory filesystems, and operate under a least-privilege model where they are only made available to services that have been explicitly granted access to them. It’s quite a comprehensive end-to-end solution, and it even has its own docker secret sub-command.


Get hands-on with 1000+ tech skills courses.