So I am using balena for distributed software and I’m wondering if any of you other users are using this for a similar situation.
So each location that the docker container will be deployed to will need to have some type of a unique password per deployment for things such as a database login. Do I need to have a totally unique fleet per location, and then use the ENV vars for the passwords at the balena level rather than the environment vars at the docker-compose level? Obviously I don't want the latter and hard-code passwords in the compose file, but even still if I did that, all the locations in my fleet will share that one password.
I am having a hard time wrapping my mind around one docker-compose file going to hundreds of locations that all need unique passwords.
Also, it appears that secrets are only supported through cloud. Anybody have any other solution for trying to manage secure passwords through openBalena?
Thanks for the response! But there’s one issue I see with doing this and that’s the fact that balena does not support variable substitution so I cannot device a POSTGRES_PASSWORD to the postgres image from an environment variable as the value for the POSTGRES_PASSWORD will just be ${MY_PASSWORD} and not that actual value.
```yaml
version: "2.1"
services:
  database-service:
    build: ./database
    container_name: database-service
    restart: always
    networks:
      - internal
    ports:
      - 5433:5432
    volumes:
      - postgres-data:/var/lib/postgresql/data
    environment:
      # RIGHT HERE is the issue as the actual password for the database when I deploy will be
      # ${DBPASS} and not the actual env var.
      POSTGRES_PASSWORD: ${DBPASS}
```
Hi @jordan-lumley, I think I just replied to you on another thread but what you can do is edit the script that starts your container image and make the assignment there. The database service must have a bash entrypoint/start script, you can do `export POSTGRES_PASSWORD=$DBPASS` in there and that should do it.
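
The start-script approach from the reply above, as an added example (not code from the thread or from balena). It assumes `DBPASS` is defined per device as a balena device variable, that `./database` builds FROM the official postgres image (whose entrypoint is `docker-entrypoint.sh`), and that the script name `start.sh` and function `map_db_password` are hypothetical.

```shell
#!/bin/sh
# start.sh: hypothetical wrapper entrypoint for database-service.
# Assumed Dockerfile wiring (overriding ENTRYPOINT resets CMD, so restate it):
#   COPY start.sh /usr/local/bin/start.sh
#   ENTRYPOINT ["start.sh"]
#   CMD ["postgres"]
# The POSTGRES_PASSWORD line is then dropped from docker-compose.yml.

# Copy the per-device DBPASS into POSTGRES_PASSWORD. Fails closed when the
# variable is missing or still holds a literal, unexpanded ${...} placeholder.
map_db_password() {
    case "${DBPASS:-}" in
        "")
            echo "start.sh: DBPASS is not set for this device" >&2
            return 1 ;;
        *'${'*)
            echo "start.sh: DBPASS holds an unexpanded placeholder" >&2
            return 1 ;;
    esac
    POSTGRES_PASSWORD=$DBPASS
    export POSTGRES_PASSWORD
    # The server only needs POSTGRES_PASSWORD; drop the extra copy.
    unset DBPASS
}

# Start the database only when a command was passed (the image CMD), so the
# file can be run without arguments to exercise map_db_password on its own.
if [ "$#" -gt 0 ]; then
    map_db_password || exit 1
    # Hand over to the official image's entrypoint as PID 1.
    exec docker-entrypoint.sh "$@"
fi
```

The official postgres image applies `POSTGRES_PASSWORD` only when it initialises an empty data directory, so changing `DBPASS` later does not change the password of a database already stored in the `postgres-data` volume.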