5 Fatal Docker Gotcha's 😱 - for new users

Eugene Cheah on November 19, 2018

Developing with docker containers is great! And we at uilicious run our entire backend on top of docker. It would have been impossible to have la...
 
Eugene Cheah

Ahh yes, I probably should add this in when I revise the article for 2019.

Yup, secrets built into containers, in particular public containers, are a big one.

Mitigation beyond "not placing them in the Dockerfile", however, is much more complicated.

Beyond that, solutions like Vault, or, for every Docker management system (be it Kubernetes or Swarm), text-file-based secrets management, are currently the only main options.

For Compose and environment variables, however, the practice is to simply not use it publicly but internally.

For heavily regulated industries, as far as I know, they would instead isolate the Docker management system and container repository from the developers, where only a sysadmin (who has the keys anyway) could then perform the deployment, after building the containers from the source code into the repository.

Not ideal, as it's not full CI/CD and can sometimes be somewhat manual in the process.

Omkar Ajnadkar • Edited

Great article! Although I use Docker only on my system, I have a nice (🤨) memory of the 2nd point you mentioned about data persistence. I was using Docker for the very first time. Wrote some code with really great effort (😎), and closed the system normally. Next time I opened it to show a friend, and 💥...NOTHING WAS THERE...it feels nice when someone explains the mistakes you learned from...

Eugene Cheah • Edited

I feel you there - I still make this mistake every now and then till this day...

It always starts with: hmm, let's make a small minor 1-liner tweak to see if this will make the container better

....

1 page of bash script later: poof 😱

Dmitry Seleznyov

Thanks for the article!

For the 1st point, there is a good practice: bind the port to localhost if you only need to use the service locally: -p 127.0.0.1:8080:8080
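
A check for the localhost-binding practice in the comment above, as an added example that is not part of the original comment: it parses Docker `-p` publish specs of the form `[host_ip:][host_port:]container_port[/proto]` and flags the ones that bind on all interfaces. The function names and the sample specs are constructed for illustration, and it assumes the daemon's default bind address has not been changed.

```python
import ipaddress


def parse_publish(spec):
    """Split '[host_ip:][host_port:]container_port[/proto]' into its fields."""
    body, _, proto = spec.partition("/")
    host_ip = None
    if body.startswith("["):  # bracketed IPv6 host address, e.g. [::1]:8080:80
        host_ip, sep, body = body[1:].partition("]:")
        if not sep:
            raise ValueError(f"malformed publish spec: {spec!r}")
    parts = body.split(":")
    if host_ip is None and len(parts) == 3:
        host_ip, parts = parts[0], parts[1:]
    if len(parts) > 2 or not parts[-1] or (host_ip is not None and len(parts) != 2):
        raise ValueError(f"malformed publish spec: {spec!r}")
    host_port = parts[0] if len(parts) == 2 else ""  # "" means a random host port
    return host_ip, host_port, parts[-1], proto or "tcp"


def classify(spec):
    """Return 'loopback', 'specific-ip' or 'all-interfaces' for one publish spec."""
    host_ip = parse_publish(spec)[0]
    if not host_ip:
        return "all-interfaces"  # no host IP given: Docker binds on every interface
    addr = ipaddress.ip_address(host_ip)
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "loopback" if addr.is_loopback else "specific-ip"


def audit(specs):
    """Return the specs that are reachable on every interface of the host."""
    return [s for s in specs if classify(s) == "all-interfaces"]


# Constructed sample specs, as they might appear in run commands or compose files.
SAMPLE = [
    "127.0.0.1:8080:8080",
    "8080:8080",
    "0.0.0.0:5432:5432/tcp",
    "[::1]:6379:6379",
    "9200",
    "192.168.1.10:3306:3306",
    "127.0.0.1::53/udp",
]

if __name__ == "__main__":
    for spec in audit(SAMPLE):
        print(f"published on all interfaces: -p {spec}")
```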

Benjamin D Wakefield

Unrelated to anything of substance; just something that I chuckled at... if you are reading a Docker article but don't know what RAM stands for -- you are in trouble!