Docker Secrets without Swarm on a Mac

Say you want to use credentials to communicate with a protected API from a Docker container on your local machine. You don’t want to put them into your code, of course. Kubernetes and Docker both have secrets for this. But we are running locally, not on a Kubernetes cluster, and Docker secrets can only be used when running in swarm mode. If you don’t want to use swarm, you still have environment variables.

Environment variables are not a great solution security-wise, but locally, if we just want to keep the credentials out of any source or property file, we can use the macOS keychain. To create a password:

security add-generic-password -a "$USER" -s 'my-xyz-password' -w 'Start123'

Then, when starting a container, pass the password into the container using an environment variable:

docker run -ti -e MY_XYZ_PASSWORD="$(security find-generic-password -a "$USER" -s 'my-xyz-password' -w)" node bash

From within the container you can access the password from the environment, depending on the tools you use. From a shell:

echo "$MY_XYZ_PASSWORD"

From node, you can access it from the variable:

process.env.MY_XYZ_PASSWORD
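
A wrapper for the keychain lookup and docker run steps above, added here as an example and not part of the original post. It refuses to start the container when the keychain item is missing or empty, and passes the variable by name so the value does not appear in the docker command line. The function name docker_run_with_secret is hypothetical; security and docker are the real CLIs.

```shell
# Added example: docker_run_with_secret is a hypothetical helper name.
# Usage: docker_run_with_secret <keychain-service> <ENV_NAME> <docker run args...>
# e.g.:  docker_run_with_secret my-xyz-password MY_XYZ_PASSWORD -ti node bash
docker_run_with_secret() {
  local service="$1" env_name="$2" secret
  shift 2

  # Only accept a valid environment variable identifier.
  case $env_name in
    ''|[0-9]*|*[!A-Za-z0-9_]*)
      echo "invalid variable name: $env_name" >&2
      return 2 ;;
  esac

  # Fail closed: with the plain $(...) one-liner, a missing keychain item
  # would start the container with an empty password.
  if ! secret=$(security find-generic-password -a "$USER" -s "$service" -w 2>/dev/null) \
     || [ -z "$secret" ]; then
    echo "keychain item '$service' not found or empty" >&2
    return 1
  fi

  # Export inside a subshell and pass the variable by name (-e NAME with
  # no value makes docker copy it from its own environment). The secret
  # stays out of docker's argv and out of the calling shell's environment.
  ( export "$env_name=$secret"; docker run -e "$env_name" "$@" )
}
```

The value is still stored in the container's configuration and can be read with docker inspect, so this remains a convenience for local development.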

About Grischa Ekart

Follow me on Twitter: @gekart. I am a trainer and consultant for AWS, Docker, Kubernetes, Machine Learning and all things DevOps.