Rishidot Research

Quick Analysis: Docker Secrets Management Announcement

Krishnan Subramanian · February 13, 2017

Recently Docker Inc. announced Docker Secrets Management, a secure way to store confidential information such as credentials, tokens, passwords and certificates so that containerized applications can securely communicate with other services. It is released for Docker Swarm right now and will be released for Docker Compose in the near future. The basic secrets management feature is available to all users of the Docker platform right now, but role-based access control is a paid feature. Clearly, Docker is making its platform more palatable to enterprise customers, addressing one of the weaknesses it has had to fend off as it competes with other platform vendors like Red Hat and Pivotal, who tout container security as one of their strong points.

Even though Kubernetes has a similar feature and one can manually enable TLS with Kubernetes Secrets, Docker makes TLS the default for access. Docker Secrets keeps the decrypted password in memory and does not store the file on disk while an application is using it. However, if the service running in the container is compromised, the secrets kept unencrypted in memory are compromised as well. The secrets management system also notifies all nodes to delete the secrets if the service is deleted or rescheduled.
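A defensive check for the in-memory property described above, as an added example that is not from the original post or from Docker: it parses a mount table in `/proc/mounts` format and refuses to read a secret file that is not on a memory-backed filesystem. The `/run/secrets/<name>` location is Docker's default mount path for Linux containers and is not stated on this page; the function names and the sample mount table are constructed for illustration.

```python
"""Check that a Docker secret file sits on a memory-backed mount."""
import os

MEMORY_FS = {"tmpfs", "ramfs"}

# Constructed sample in /proc/mounts format (device, mount point, fstype, ...).
SAMPLE_MOUNTS = """\
overlay / overlay rw,relatime 0 0
tmpfs /dev tmpfs rw,nosuid 0 0
tmpfs /run/secrets/db_password tmpfs ro,relatime 0 0
/dev/sda1 /etc/hosts ext4 rw,relatime 0 0
/dev/sda1 /data ext4 rw,relatime 0 0
"""


def backing_fs(path, mounts_text):
    """Return the filesystem type of the mount that contains `path`."""
    path = os.path.normpath(path)
    best_point, best_type = "", None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        point, fstype = fields[1].replace("\\040", " "), fields[2]
        inside = path == point or path.startswith(point.rstrip("/") + "/")
        # Longest matching mount point wins; on a tie the later line wins,
        # because later mounts shadow earlier ones.
        if inside and len(point) >= len(best_point):
            best_point, best_type = point, fstype
    return best_type


def secret_is_memory_backed(path, mounts_text):
    """True if `path` lives on tmpfs/ramfs according to the mount table."""
    return backing_fs(path, mounts_text) in MEMORY_FS


def read_secret(name, secrets_dir="/run/secrets", mounts_path="/proc/mounts"):
    """Read a secret, refusing to use one that is stored on disk."""
    path = os.path.join(secrets_dir, name)
    with open(mounts_path) as fh:
        if not secret_is_memory_backed(path, fh.read()):
            raise RuntimeError(f"{path} is not on a memory-backed filesystem")
    with open(path) as fh:
        return fh.read().rstrip("\n")
```

The check confirms only where the file is stored; a process that can already read the file inside a compromised service still sees the plaintext.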

In short, this is a required enterprise feature that Docker has added to its platform, and making role-based access control to secrets a premium feature is a smart move. It indicates that Docker, as a company, has realized it needs to go beyond the spirit of an end-to-end OSS model to justify its valuation. There is nothing wrong with that; it is the reality of the industry.

Document Source

Quick Analysis: https://github.com/rishidot/Quick-Analysis/blob/master/2017/Docker-Secrets-Feb.md

© 2021 · Rishidot Research