I'm looking for advice on how to properly handle my secrets defined in a .env file when managing multiple optional services. I have around five Docker hosts at home, and my Git repository is structured with a main compose.yaml file that includes multiple sub-compose files for different services like Traefik, Home Assistant, and Mealie. Each sub-compose file uses some secrets, but many hosts don't require all of them. For example, when I run containers on the Mealie host, I get warnings about undefined secrets like the Home Assistant API key because those services aren't activated. I'm trying to figure out a better method to manage these secrets or compose files to avoid warnings for services not being started. I've tried Docker secrets, default values, and even placeholders in the .env file, but none of those solutions work well for my situation. Any recommendations?
1 Answer
I've had great success putting all my secrets into dedicated secret files. Most containers support this, so it can really streamline your process. Just be sure to check that all your containers can read the secrets as needed. It does require some initial setup, but it's worth it in terms of both security and managing warnings.
That sounds great, but I still have some issues, especially with labels in containers. For example, can you load secret file values directly into Docker container labels? I'd love to use this method, but I haven't figured that part out.