Container Security (Env Passwords) #45047
Unanswered
shealavington asked this question in Q&A
Replies: 0 comments
Hi All,
I'm looking to modernise my Laravel application by moving it into an image for containerizing in the cloud. I'm curious what the Laravel Team, Laravel Community & Docker Community, or really any developer thinks about the situation I am in.
A colleague of mine (never used containers afaik) has raised a concern they have regarding the security of passing the DB_PASSWORD through the container's environment variables. They mentioned that they believe that passwords in the system environment variables at the root of the container would be dangerous.
Would you consider it safe enough to pass a docker container an environment variable containing the DB_PASSWORD? I believe that as a single application container, the risk is mitigated when using a VNetwork for database access.
I'm curious to know if anyone knows if it is considered safe or unsafe to pass DB_PASSWORD to a container, or if I should be highly considering the use of a Key-Vault with custom authentication instead of using the env file or container env variables?
Any responses with opinions or experience are welcome. Request speed, developer ease of development, and low maintenance are all highly important.
Thanks,
Shea