Hello!
I’d like to request that support for Docker Secrets be added to the self-host project. I think that this is essential to secure sensitive settings, such as database user/password/name and SSL certs/keys.
While I am not an expert on Docker, it’s my understanding that settings can still be accessed should some malicious entity gain access to your running containers, but that secrets have an additional layer of security preventing the exposure of their values. This seems particularly important with a service like Bitwarden that manages so much sensitive data.
An example of this is already located in the official postgres image’s docker-entrypoint.sh.
It uses the file_env() method to read in variables that may be stored in files (references that can be pointed to docker secrets).
While the postgres image uses _FILE at the end of settings to indicate that it should be read from a file, I would suggest that _SECRET might be better, indicating that it would be best to use a secret to pass in those settings with sensitive information.
I wouldn’t mind coding this myself, but I am only familiar with the basics of shell scripting and docker (still googling and learning), and I didn’t want to wait to suggest this. Additionally, I wanted to make sure that this would be a good idea that would be welcomed.
Thank you!
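A sketch of the file-backed setting pattern requested above, using the proposed _SECRET suffix. This is an added example, not code from the postgres image or the Bitwarden self-host project; the function name load_secret_env and the EXAMPLE_DB_PASSWORD variable are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from postgres or Bitwarden).
# Resolves NAME from $NAME or from the file named by $NAME_SECRET.
load_secret_env() {
    _name=$1
    _default=${2-}
    # The name is expanded through eval below, so accept plain identifiers only.
    case $_name in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "load_secret_env: invalid variable name" >&2
            return 2 ;;
    esac
    eval "_direct=\${$_name-}"
    eval "_file=\${${_name}_SECRET-}"
    # Refuse ambiguous configuration instead of silently picking one source.
    if [ -n "$_direct" ] && [ -n "$_file" ]; then
        echo "load_secret_env: both $_name and ${_name}_SECRET are set" >&2
        return 1
    fi
    _value=$_default
    if [ -n "$_direct" ]; then
        _value=$_direct
    elif [ -n "$_file" ]; then
        if [ ! -r "$_file" ]; then
            echo "load_secret_env: cannot read $_file" >&2
            return 1
        fi
        # Command substitution strips the trailing newline most secret files carry.
        _value=$(cat "$_file")
    fi
    export "$_name=$_value"
    # Drop the pointer so child processes do not inherit the file path.
    unset "${_name}_SECRET"
}

# Constructed demo: a temp file stands in for a secret mounted under /run/secrets/.
demo_file=$(mktemp)
printf 'constructed-demo-value\n' > "$demo_file"
EXAMPLE_DB_PASSWORD_SECRET=$demo_file
load_secret_env EXAMPLE_DB_PASSWORD &&
    echo "EXAMPLE_DB_PASSWORD resolved (${#EXAMPLE_DB_PASSWORD} chars)"
rm -f "$demo_file"
```

An entrypoint script would call the helper once per sensitive setting before starting the service, with the _SECRET variable pointing at the mounted secret file.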