
Ask HN: A Better Docker Compose?
by Randomdevops on Hacker News.
In docker compose you have a flat list of services and you manually weave them together with configuration.
Then in an effort to secure things you add on frontend/backend networks to isolate containers from each other.

    services:
      proxy:
        build: ./proxy
        networks:
          - frontend
      app:
        build: ./app
        networks:
          - frontend
          - backend
      db:
        image: mysql
        networks:
          - backend
    # Compose rejects a service that references a network not declared here
    networks:
      frontend:
      backend:

You add config to share credentials between services.

    services:
      app:
        build: ./app
        environment:
          DB_PASSWORD_FILE: /run/secrets/db_root_password
        secrets:
          - db_root_password
      db:
        image: mysql
        environment:
          MYSQL_ROOT_PASSWORD_FILE: /run/secrets/db_root_password
        secrets:
          - db_root_password
    secrets:
      db_root_password:
        file: ./secrets/db_root_password.txt

Is there a way to abstract away these extra configuration steps and keep it simple yet secure by default? If you would express db as a dependency/resource of app, could you infer that you could put it in a separate network and have the credentials automatically link?
‘As a developer’ I’m not really interested in the network specifics or which credentials, I just want them to talk securely and minimize any attack vectors and keep any configuration to a minimum.
With tens of apps, their databases and transversal connections, how do you keep the configuration to a minimum?

Googling around I found:

humanitec:
https://ift.tt/KQJ8ZAT
They express something as ‘resources’, a dependency type that can be provisioned automatically with inputs and outputs that then can be injected in the application env vars:

    mysql://${externals.my-db.username}:${externals.my-db.password}@${externals.my-db.host}:${externals.my-db.port}/${externals.my-db.name}

You’re limited to a limited set of drivers of course, and how would you express an app1 to app2 dependency?

juju:
https://juju.is/
Each app is packaged in a charm, which seems to be a YAML file declaring inputs, dependencies and other metadata, and optional Python code that can respond to certain lifecycle hooks.
https://ift.tt/Sqj9wrU

    name: my-node-app
    …
    requires:
      database:
        interface: mongodb
    provides:
      website:
        interface: http

Things can seemingly be autowired based on what interface they provide and require?
So just make a list of apps until everything resolves?

Does anyone have experience with these tools or others like it? How do you stop others and yourself from drowning in credentials, certificates, env vars, JVM params and k8s YAML (times every environment)?
How do you, not do the configuration management, but manage an inventory of what configuration is needed to run your environment (or a subset for CI)?
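
One way to read the "infer it from the dependency" idea in the question, as an added example that is not part of the original post and is not Humanitec, Juju or Compose functionality: a small generator that expands a dependency declaration into one internal network per edge and one secret per credentialed provider. The `requires`, `public` and `credential_env` keys, the `edge` network and the naming scheme are all hypothetical.

```python
# Added example: hypothetical declaration format, not Compose, Humanitec or Juju syntax.
import json

def compile_compose(apps):
    """Expand {name: {build|image, requires, credential_env, public}} into a Compose model."""
    services = {n: {k: s[k] for k in ("build", "image") if k in s} for n, s in apps.items()}
    networks, secrets = {}, {}

    def attach(svc, key, value):
        items = services[svc].setdefault(key, [])
        if value not in items:
            items.append(value)

    for name, spec in apps.items():
        if spec.get("public"):
            # Only explicitly public services sit on a network with outside connectivity.
            networks["edge"] = {}
            attach(name, "networks", "edge")
        for dep in spec.get("requires", []):
            if dep not in apps:
                raise ValueError(f"{name} requires undeclared service {dep!r}")
            # One internal network per dependency edge: only the two endpoints join it.
            link = f"{name}_to_{dep}"
            networks[link] = {"internal": True}
            attach(name, "networks", link)
            attach(dep, "networks", link)
            attach(name, "depends_on", dep)
            cred_env = apps[dep].get("credential_env")
            if cred_env:
                # One secret per provider, mounted only into it and its declared consumers.
                secret = f"{dep}_password"
                path = f"/run/secrets/{secret}"
                secrets[secret] = {"file": f"./secrets/{secret}.txt"}
                attach(name, "secrets", secret)
                attach(dep, "secrets", secret)
                services[dep].setdefault("environment", {})[cred_env] = path
                services[name].setdefault("environment", {})[f"{dep.upper()}_PASSWORD_FILE"] = path
    model = {"services": services, "networks": networks}
    if secrets:
        model["secrets"] = secrets
    return model

# Constructed input mirroring the proxy/app/db stack from the post.
STACK = {
    "proxy": {"build": "./proxy", "public": True, "requires": ["app"]},
    "app": {"build": "./app", "requires": ["db"]},
    "db": {"image": "mysql", "credential_env": "MYSQL_ROOT_PASSWORD_FILE"},
}

if __name__ == "__main__":
    print(json.dumps(compile_compose(STACK), indent=2))
```

With this input the proxy never shares a network with db and never receives the database secret, which is the isolation the hand-written frontend/backend split was aiming for.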
