Manages the secrets of a Docker service in a swarm.
```hcl
# Creates a secret
resource "docker_secret" "foo_secret" {
  name = "foo_secret"
  data = "ewogICJzZXJsaasIfQo="
}
```
To update a secret, Terraform will destroy the existing resource and create a replacement. To effectively use a `docker_secret` resource with a `docker_service` resource, it's recommended to specify `create_before_destroy` in a `lifecycle` block. Provide a unique `name` attribute, for example with one of the interpolation functions `uuid` or `timestamp` as shown in the example below. The reason is moby-35803.
```hcl
resource "docker_secret" "service_secret" {
  name = "${var.service_name}-secret-${replace(timestamp(),":", ".")}"
  data = "${base64encode(data.template_file.service_secret_tpl.rendered)}"

  lifecycle {
    ignore_changes        = ["name"]
    create_before_destroy = true
  }
}

resource "docker_service" "service" {
  # ...
  secrets = [
    {
      secret_id   = "${docker_secret.service_secret.id}"
      secret_name = "${docker_secret.service_secret.name}"
      file_name   = "/root/configs/configs.json"
    },
  ]
}
```
The following arguments are supported:

- `name` - (Required, string) The name of the Docker secret.
- `data` - (Required, string) The base64 encoded data of the secret.

The following attributes are exported in addition to the above configuration:

- `id` (string)
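The `data` argument is base64 encoded, which is an encoding and not encryption, and Terraform records resource arguments in its state file. The check below is an added example, not part of the provider documentation: it lists `docker_secret` entries in a state file whose `data` decodes. It assumes the state v4 JSON layout; the sample state and the `find_recoverable_secrets` name are constructed for illustration.

```python
import base64
import binascii
import json

# Constructed sample in the Terraform state v4 JSON layout (an assumption;
# older state versions nest resources differently). Values are not real secrets.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "docker_secret", "name": "foo_secret",
         "instances": [{"attributes": {
             "id": "constructed-id-1", "name": "foo_secret",
             "data": "ewogICJzZXJsaasIfQo="}}]},  # value from the page's example
        {"mode": "managed", "type": "docker_secret", "name": "service_secret",
         "instances": [{"attributes": {
             "id": "constructed-id-2", "name": "web-secret-2018-01-01T00.00.00Z",
             "data": base64.b64encode(b'{"password": "example"}').decode()}}]},
        {"mode": "managed", "type": "docker_service", "name": "service",
         "instances": [{"attributes": {"id": "constructed-id-3"}}]},
    ],
})


def find_recoverable_secrets(state_text):
    """Return one finding per docker_secret instance whose data decodes."""
    findings = []
    for res in json.loads(state_text).get("resources", []):
        if res.get("type") != "docker_secret":
            continue
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            try:
                raw = base64.b64decode(attrs.get("data") or "", validate=True)
            except (binascii.Error, ValueError):
                continue  # not base64, so nothing to recover from this field
            if not raw:
                continue
            findings.append({
                "address": "docker_secret." + res.get("name", "?"),
                "secret_name": attrs.get("name"),
                "decoded_bytes": len(raw),  # report size only, never the content
            })
    return findings


if __name__ == "__main__":
    for f in find_recoverable_secrets(SAMPLE_STATE):
        print("{address}: {decoded_bytes} bytes recoverable (name={secret_name})".format(**f))
```

Any finding means the state file and its backend need the same access controls as the secret itself.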
© 2018 HashiCorp
Licensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/docker/r/secret.html