Tutorials › Docker › Docker Secrets

Docker Secrets

5 min read Quiz at the end

Pass sensitive data to containers with Docker Secrets — safer than plain environment variables.

Docker Secrets

# Create secret
echo "mypassword" | docker secret create db_password -
docker secret ls

# In Compose (Swarm mode)
secrets:
  db_password:
    external: true
services:
  web:
    secrets: [db_password]
# Mounted at: /run/secrets/db_password

# BuildKit secret (build-time, never in image layers)
docker build --secret id=npmrc,src=$HOME/.npmrc .
# Dockerfile:
RUN --mount=type=secret,id=npmrc,target=/root/.npmrc npm ci

← Databases in Docker Next: Docker CI/CD →

Topic Quiz · 2 questions

Test your understanding before moving on

1. Where are Docker Secrets mounted inside a container?

💡 Docker Secrets are mounted as files under /run/secrets/secret_name inside the container.

2. Why are Secrets safer than environment variables for passwords?

💡 Environment variables are easily exposed via docker inspect or logs; file-mounted secrets are safer.

Quick Access

Docker Secrets

Docker Secrets

Test your understanding before moving on