---
date: 2022-02-04 23:59:13-05:00
draft: false
math: false
medium_enabled: true
medium_post_id: 58cc9e00b1a7
tags:
- Containers
title: Docker Secrets
---

I try to keep secrets such as passwords and keys out in their own separate files so that I can `.gitignore` them and commit the rest of my configuration. With `docker-compose` we can do that with the `env_file` field. Here is an example with a postgres configuration:

```yaml
database:
  image: postgres:13.4
  container_name: database
  hostname: database
  env_file:
    - Volumes/database/docker.env
  volumes:
    - Volumes/database/var/lib/postgresql/data:/var/lib/postgresql/data
```

Then in `Volumes/database/docker.env` I can have a file with the secrets as key-value pairs:

```yaml
POSTGRES_USER=user
POSTGRES_PASSWORD=389ed93045c84cc0828c4310e6ef76ce
POSTGRES_DB=database
```