Say you want to use credentials to communicate with a protected API from a Docker container on your local machine. You don't want to put them into your code, of course. On Kubernetes and Docker we have secrets. But we are running locally, not on a Kubernetes cluster, and Docker secrets can only be used when running in swarm mode. If you don't want to use swarm, you still have environment variables.
Environment variables are not a great solution security-wise, but locally, if we just want to keep the credentials out of any source or property file, we can use the macOS keychain. To create a password:
security add-generic-password -a "$USER" -s 'my-xyz-password' -w 'Start123'
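Then, when starting a container, pass the password into the container using an environment variable. The command substitution is quoted so that a password containing spaces or glob characters is passed through intact:
docker run -ti -e MY_XYZ_PASSWORD="$(security find-generic-password -a "$USER" -s 'my-xyz-password' -w)" node bash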
From within the container you can access the password from the environment, depending on the tools you use. From a shell:
echo "$MY_XYZ_PASSWORD"
From Node.js, you can read it from process.env:
process.env.MY_XYZ_PASSWORD
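
The same keychain lookup as a reusable shell function, as an added example that is not part of the original post. The function name run_with_keychain_secret is hypothetical. It passes the variable to docker by name only (`-e NAME` with no value makes docker copy it from its own environment), so the password does not appear in the docker command line shown by ps, and it stops if the keychain item is missing instead of starting the container with an empty password.

```bash
#!/usr/bin/env bash
# Added example: start a container with a secret from the macOS keychain
# without placing the secret value in docker's argument list.
# run_with_keychain_secret is a hypothetical helper name.
#
# Usage: run_with_keychain_secret <keychain-service> <ENV_VAR_NAME> <docker run args...>
run_with_keychain_secret() {
  local service="$1" var="$2" secret
  shift 2

  # Reject anything that is not a valid environment variable name.
  case "$var" in
    ''|[0-9]*|*[!A-Za-z0-9_]*)
      echo "invalid variable name: $var" >&2
      return 2
      ;;
  esac

  # Fail closed when the item is missing, access is denied, or it is empty.
  if ! secret="$(security find-generic-password -a "$USER" -s "$service" -w 2>/dev/null)" \
     || [ -z "$secret" ]; then
    echo "no usable keychain item for service '$service'" >&2
    return 1
  fi

  # Subshell: the export is visible to docker only, so the calling shell
  # never carries the secret in its own environment.
  (
    export "$var=$secret"
    # "-e NAME" without "=value": docker reads NAME from its environment.
    docker run -e "$var" "$@"
  )
}
```

Called as `run_with_keychain_secret my-xyz-password MY_XYZ_PASSWORD -ti node bash`, it starts the same container as the command above.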