Simplify secret management with OpenSSL and Docker


If you are looking for a secure and easy way to store and access secrets, you may find the following post useful.

A while ago I covered something similar in the post "How to encrypt and decrypt a file on the command line".

This post can be seen as the next step: not only encrypting and decrypting values, but managing secrets across multiple environments. I am going to show you how to combine OpenSSL with Docker to get the best of both tools. The complete source code can be found on GitHub.

The idea is to store your passwords as encrypted values inside a Docker image, so that you can always get at a secret by simply running docker run -it secret-box $secret_name $encryption_password.
Values are encrypted with AES-256 using OpenSSL. The cipher itself is considered secure, but keep in mind that anyone who can pull the image has the ciphertext and can try passphrases offline, so the protection is only as strong as the encryption password you choose. Also note that a password passed as a command-line argument can end up in your shell history and is visible in the process list while the container starts.

Requirements

  • 10 minutes
  • Docker installed
  • OpenSSL installed

To create your Docker image you need to create following files:

  • Dockerfile
  • encrypt.sh
  • entrypoint.sh

Copy and paste the following snippet in a file named Dockerfile.

Next you need entrypoint.sh; copy the content of the following snippet into entrypoint.sh.

Now you have everything you need to build the Docker image, but you still have to add secrets.
You can add them from the command line, or use a script like this one:

Save it in a file (I named mine encrypt.sh) and run it:

You should now see a new vaults directory with a mysql_password file inside. Everything is ready to build the Docker image:

To test it:
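The whole workflow end to end, as an added example written for this page rather than the author's own Dockerfile, encrypt.sh or entrypoint.sh (which are not reproduced above). It assumes the same vaults directory as the post, an Alpine base image, and one deliberate change: the passphrase is read from the SECRET_BOX_PASSWORD environment variable instead of being passed as a command-line argument, so it does not land in shell history or the process list. The key is derived with PBKDF2 (openssl enc -pbkdf2, available from OpenSSL 1.1.1), which is stronger than the legacy default key derivation of openssl enc:

```sh
#!/bin/sh
# Added example: a minimal "secret box" built with OpenSSL. Not the author's
# scripts. Assumptions: secrets live in ./vaults, the passphrase comes from
# $SECRET_BOX_PASSWORD, the image is based on Alpine (alpine:3.19 chosen here).
set -e

VAULT_DIR="${VAULT_DIR:-vaults}"
# PBKDF2 iteration count; keep in sync with the value hard-coded in entrypoint.sh.
KDF_ITER=100000

# encrypt_secret NAME  <plaintext on stdin>
# Writes vaults/NAME as a base64-armoured, salted AES-256-CBC blob whose key is
# derived from $SECRET_BOX_PASSWORD with PBKDF2.
encrypt_secret() {
    name=${1:?usage: encrypt_secret NAME}
    : "${SECRET_BOX_PASSWORD:?set SECRET_BOX_PASSWORD first}"
    mkdir -p "$VAULT_DIR"
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$KDF_ITER" -a \
        -pass env:SECRET_BOX_PASSWORD -out "$VAULT_DIR/$name"
}

# decrypt_secret NAME  -> plaintext on stdout.
# Exits non-zero if the file is missing or (almost always) if the passphrase is
# wrong, because the CBC padding check fails.
decrypt_secret() {
    name=${1:?usage: decrypt_secret NAME}
    : "${SECRET_BOX_PASSWORD:?set SECRET_BOX_PASSWORD first}"
    [ -f "$VAULT_DIR/$name" ] || { echo "no such secret: $name" >&2; return 1; }
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$KDF_ITER" -a \
        -pass env:SECRET_BOX_PASSWORD -in "$VAULT_DIR/$name"
}

# write_docker_files: generates the Dockerfile and entrypoint.sh that package the
# vaults directory. The image only ever contains ciphertext; the passphrase is
# supplied at run time with -e SECRET_BOX_PASSWORD.
write_docker_files() {
    cat > entrypoint.sh <<'EOF'
#!/bin/sh
set -e
name=${1:?usage: secret-box NAME  (passphrase in SECRET_BOX_PASSWORD)}
: "${SECRET_BOX_PASSWORD:?set SECRET_BOX_PASSWORD}"
exec openssl enc -d -aes-256-cbc -pbkdf2 -iter 100000 -a \
    -pass env:SECRET_BOX_PASSWORD -in "/secret-box/vaults/$name"
EOF
    chmod 0755 entrypoint.sh
    cat > Dockerfile <<'EOF'
FROM alpine:3.19
RUN apk add --no-cache openssl
WORKDIR /secret-box
COPY vaults ./vaults
COPY entrypoint.sh ./entrypoint.sh
ENTRYPOINT ["/secret-box/entrypoint.sh"]
EOF
}

# Usage (the build and run steps need Docker):
#   export SECRET_BOX_PASSWORD='long random passphrase'
#   printf '%s' 's3cr3t-db-pass' | encrypt_secret mysql_password
#   write_docker_files
#   docker build -t secret-box .
#   docker run --rm -e SECRET_BOX_PASSWORD secret-box mysql_password
```

Because the image holds only ciphertext, it can sit in a shared registry, but the passphrase must be handled like the secrets themselves: if it leaks, everything in the image is readable, and anyone with the image can brute-force a weak passphrase offline at their leisure.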

Comments and feedback are welcome.