Allow for passing sensitive settings through files about docker-neo4j HOT 3 OPEN

This is already possible in a way.

You can specify any neo4j configuration option via environment variables (https://neo4j.com/docs/operations-manual/current/installation/docker/#docker-environment-variables) and docker run supports --env-file argument to set environment variables from a file.
(https://docs.docker.com/engine/reference/commandline/run/#set-environment-variables--e-env-env-file)

The security implications seem slightly better here than in the approach taken by postgres:

• Host environment: You have a file with the password in it (both approaches)
• Docker environment: You have an environment variable with the password in it (both approaches)
• Docker environment: You have a file with the password in it (only postgres approach)

but I might be missing something else. I'm not sure what

[...] Docker's secrets feature)

is referring to and how that operates.

from docker-neo4j.

Yeah, I was thinking about --env-file but my current setup doesn't allow me to do it easily.

I'm using Rancher and their Secrets (https://docs.rancher.com/rancher/v1.6/en/cattle/secrets/) implementation allows only mounted /run/secrets/mysecret (inside container) files at the moment.

Kubernetes (https://kubernetes.io/docs/concepts/configuration/secret/) has both options for file + environment variable so it will be working even now.

Ideal solution for me would be for images to allow passing sensitive data through files mounted by docker secrets. This would lead to situation when the only place sensitive data is visible is inside docker container through file (where file permissions could be used to further secure it).

Feel free to close this issue. I'll write a wrapper that will suite my needs for now. Hopefully some standard way of dealing with secrets will emerge soon.

from docker-neo4j.

Can we have this?

from docker-neo4j.