Hi Ajay,
it's a really good question but I'm afraid I'm not the best person to answer it. I've tried to find a solution for this on a while back, but I could not find a solid approach that is valid anywhere.
I think if you want to set the value programmatically you need to look for the best practices of the specific infrastructure you are using to deploy your containers. For example, if you're using an orchestrator like Kubernetes you could use secrets to mount a bash script that sets your proxy variables.
Or if you're on Amazon ECS you could use Secretsmanager and read the value from a CloudFormation script to set the container ENV (this one I tried and it works).
Mmm let me see.. did you have a look at the EnvironmentFile directive for systemd units?
I remember I did something like this to configure Samba persistent mounts while having passwords in a file with read-access only for the root user.
You could extract Docker proxy settings variables in a file such as /etc/docker/docker-proxy.env and then use the following directive in your unit file:
Hi Ajay,
it's a really good question but I'm afraid I'm not the best person to answer it. I've tried to find a solution for this on a while back, but I could not find a solid approach that is valid anywhere.
I think if you want to set the value programmatically you need to look for the best practices of the specific infrastructure you are using to deploy your containers. For example, if you're using an orchestrator like Kubernetes you could use secrets to mount a bash script that sets your proxy variables.
Or if you're on Amazon ECS you could use Secretsmanager and read the value from a CloudFormation script to set the container ENV (this one I tried and it works).
Hope this helps 🙂
Thanks Manuel. I am using plain docker to do docker pull and don't want the password in plaintext for dockerd. Any way to avoid this?
Mmm let me see.. did you have a look at the
EnvironmentFiledirective for systemd units?I remember I did something like this to configure Samba persistent mounts while having passwords in a file with read-access only for the root user.
You could extract Docker proxy settings variables in a file such as
/etc/docker/docker-proxy.envand then use the following directive in your unit file:This article might also help you unix.stackexchange.com/questions/4...
Remember to lock down your environment file afterwards with
chmod 400 /etc/docker/docker-proxy.envI don't have an environment to test this out at the moment, let me know if this works!