1
00:00:04,550 --> 00:00:09,160
What about secrets for local development using the Docker Compose command line? We've been talking about

2
00:00:09,160 --> 00:00:10,200
Swarm up until now.

3
00:00:10,210 --> 00:00:15,010
But I'm back on my machine, and I've got Docker Compose installed which I did not have in my swarm,

4
00:00:15,010 --> 00:00:15,350
right?

5
00:00:15,370 --> 00:00:17,410
Because again, Compose is not a production tool.

6
00:00:17,410 --> 00:00:19,310
It's designed for development.

7
00:00:19,310 --> 00:00:22,050
I'm in the same secret sample directory we had before.

8
00:00:22,060 --> 00:00:27,280
You can see that I have the two password files, and the Docker Compose file that we had in the swarm. Just

9
00:00:27,280 --> 00:00:28,840
to prove that I'm not in a swarm,

10
00:00:28,840 --> 00:00:30,440
I can do a docker node

11
00:00:30,480 --> 00:00:33,300
ls, and it will actually tell me this is not a swarm manager.

12
00:00:33,300 --> 00:00:38,670
I'm not in a swarm, so I don't have access to the Swarm database or the ability to put secrets in it.

13
00:00:38,680 --> 00:00:40,550
So, how do we deal with this in local development?

14
00:00:40,630 --> 00:00:43,420
Ideally, we can still use the same Compose file.

15
00:00:43,420 --> 00:00:48,020
We can still use the same objects like the environment variables for postgres.

16
00:00:48,140 --> 00:00:52,800
Docker had to come up with a way to make this work in test and dev.

17
00:00:53,140 --> 00:00:55,840
If we do a docker compose up -d,

18
00:00:59,840 --> 00:01:11,030
and then we did a docker compose exec psql. Then did a cat on run secrets

19
00:01:11,330 --> 00:01:16,320
psql user, how did our secret get in there, right?

20
00:01:16,320 --> 00:01:17,960
Because we don't have the database.

21
00:01:18,000 --> 00:01:20,760
Well, it turns out there's a little bit of magic here.

22
00:01:20,790 --> 00:01:25,950
Well, it's not magic.
It's just hiding behind the scenes, that what's actually happening with Compose is

23
00:01:25,950 --> 00:01:28,810
not secure, but it does work.

24
00:01:28,830 --> 00:01:35,640
It basically bind mounts at runtime that actual file on my hard drive into the container.

25
00:01:35,640 --> 00:01:40,820
It's really just doing a -v with that particular file in the background.

26
00:01:40,830 --> 00:01:43,780
Again, this is totally not secure and it's not supposed to be.

27
00:01:43,800 --> 00:01:49,410
It's just a way to get around this problem and allow us to develop with the same process and the same

28
00:01:49,410 --> 00:01:54,750
environment variable secret information that we would have in production, only now we can do it locally

29
00:01:54,750 --> 00:02:00,720
too. Which is great because now that means we can develop using the same launch scripts and the same

30
00:02:00,720 --> 00:02:04,850
way we get environment variables into our container just like we would in Swarm.

31
00:02:04,980 --> 00:02:06,090
And that's what we really want.

32
00:02:06,090 --> 00:02:10,490
We want to match our production environment as much as we possibly can locally.

33
00:02:10,590 --> 00:02:12,650
You need the latest version of Docker Compose to do this.

34
00:02:12,650 --> 00:02:16,210
I believe it only works in Docker Compose 11.

35
00:02:16,430 --> 00:02:20,630
I hope you think that's pretty cool because I thought that was a good compromise for them to make

36
00:02:20,630 --> 00:02:23,570
in order to let us use the Secret commands.

37
00:02:23,600 --> 00:02:27,290
Now I will point out this only works with file-based secrets.

38
00:02:27,290 --> 00:02:30,640
It will not work with the external that we talked about.

39
00:02:30,650 --> 00:02:37,060
If we look at the Compose file real quick, I would have to use file-based ones for my local development.

40
00:02:37,220 --> 00:02:42,530
Maybe if you're using external in your production, you just might have to have a different Compose

41
00:02:42,530 --> 00:02:49,610
file for development that would have the file attribute here and specify sample, dummy files in the

42
00:02:49,610 --> 00:02:54,450
same directory or somewhere else you might store them, that are just using simple password for development.