I’m using a secrets file with a Docker service and prior to today the application was able to read the file. Per best practices, the entrypoint is run as a non-root user but now it appears that the secrets file is only readable by root. Is it possible to modify the permissions on the secrets file? I’d prefer not to run my application as root in the container.
Hi, it makes sense that you wouldn’t want to run your app as root inside the container, per Docker’s best practices. Docker’s documentation says that your container should not have root access, but root is required to run/start your container.
As far as secrets are concerned, they generally shouldn’t be readable by others. So I would expect a Docker secret to be used at build time before the container has started, but not from within the container. Sorry if I’m missing something about your workflow. Can you share a little more detail about how you have this set up currently and what you are accomplishing with Docker Secrets in your app?
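For reference on the permissions question, an added example that is not part of either post: the long secret syntax in a stack file sets the owner and mode of the mounted file under `/run/secrets/`. The service name, image, secret name and UID/GID 1000 are assumptions for illustration.

```yaml
# Stack file for a swarm service (deployed with `docker stack deploy`).
# All names and IDs below are placeholders, not values from the thread.
version: "3.8"

services:
  app:
    image: example/app:latest      # placeholder image
    user: "1000:1000"              # non-root user the entrypoint runs as
    secrets:
      - source: db_password        # name of the secret in the swarm
        target: db_password        # mounted at /run/secrets/db_password
        uid: "1000"                # file owner inside the container
        gid: "1000"                # file group inside the container
        mode: 0400                 # owner read-only, no access for others

secrets:
  db_password:
    external: true                 # created beforehand with `docker secret create`
```

The same fields exist on the CLI as `--secret source=db_password,target=db_password,uid=1000,gid=1000,mode=0400` for `docker service create`.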