Recently Docker Inc. announced Docker Secrets Management, a secure way to store confidential announcements like credentials, tokens, passwords, certificates, etc. so that containerized applications can securely communicate with other services. This is released for Docker Swarm right now and it will be released for Docker Compose in the near future. The basic secrets management feature is available for all users of Docker platform right now but if you want role based access control, it is a paid feature. Clearly, Docker is making their platforms more palatable to enterprise customers, one of the weakness they had to fend off as the compete with other platform vendors like Red Hat and Pivotal who tout container security as one of their strong points.
Even though Kubernetes has a similar feature and one can manually enable TLS with Kubernetes Secrets, Docker makes TLS a default for access. Docker secrets uses In-Memory for keeping the decrypted password and doesn’t store the file in a disk storage while an application is using it. However, if the service running in the container is compromised, the Docker Secrets kept unencrypted in-memory will also be compromised. The secrets management system will also notify all nodes to delete the secrets if the service is deleted or rescheduled.
In short, this is a required enterprise feature added by Docker for their platform and making role based access control to secrets a premium feature is a smart move which indicates that Docker, as a company, has realized that they need to go beyond the spirits of end to end OSS model to justify their valuation. There is nothing wrong with it as it is the reality in the industry.