diff --git a/docs/reference/commandline/secret_create.md b/docs/reference/commandline/secret_create.md new file mode 100644 index 0000000000..92cee6cde7 --- /dev/null +++ b/docs/reference/commandline/secret_create.md @@ -0,0 +1,46 @@ +--- +title: "secret create" +description: "The secret create command description and usage" +keywords: ["secret, create"] +--- + + + +# secret create + +```Markdown +Usage: docker secret create [NAME] + +Create a secret using stdin as content +``` + +Creates a secret using standard input for the secret content. You must run this +command on a manager node. + +## Examples + +### Create a secret + +```bash +$ cat ssh-dev | docker secret create ssh-dev +mhv17xfe3gh6xc4rij5orpfds + +$ docker secret ls +ID NAME CREATED UPDATED SIZE +mhv17xfe3gh6xc4rij5orpfds ssh-dev 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 +``` + +## Related information + +* [secret inspect](secret_inspect.md) +* [secret ls](secret_ls.md) +* [secret rm](secret_rm.md) + + diff --git a/docs/reference/commandline/secret_inspect.md b/docs/reference/commandline/secret_inspect.md new file mode 100644 index 0000000000..1572a87b16 --- /dev/null +++ b/docs/reference/commandline/secret_inspect.md 
@@ -0,0 +1,88 @@ +--- +title: "secret inspect" +description: "The secret inspect command description and usage" +keywords: ["secret, inspect"] +--- + + + +# secret inspect + +```Markdown +Usage: docker secret inspect [OPTIONS] SECRET [SECRET...] + +Display detailed information on one or more secrets + +Options: + -f, --format string Format the output using the given Go template + --help Print usage +``` + + +Inspects the specified secret. This command has to be run targeting a manager +node. + +By default, this renders all results in a JSON array. If a format is specified, +the given template will be executed for each result. + +Go's [text/template](http://golang.org/pkg/text/template/) package +describes all the details of the format. + +## Examples + +### Inspecting a secret by name or ID + +You can inspect a secret, either by its *name*, or *ID* + +For example, given the following secret: + +```bash +$ docker secret ls +ID NAME CREATED UPDATED SIZE +mhv17xfe3gh6xc4rij5orpfds ssh-dev 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 +``` + +```bash +$ docker secret inspect mhv17xfe3gh6xc4rij5orpfds +[ + { + "ID": "mhv17xfe3gh6xc4rij5orpfds", + "Version": { + "Index": 1198 + }, + "CreatedAt": "2016-10-27T23:25:43.909181089Z", + "UpdatedAt": "2016-10-27T23:25:43.909181089Z", + "Spec": { + "Name": "ssh-dev", + "Data": null + }, + "Digest": "sha256:8281c6d924520986e3c6af23ed8926710a611c90339db582c2a9ac480ba622b7", + "SecretSize": 1679 + } +] +``` + +### Formatting secret output + +The `--format` option can be used to obtain specific information about a +secret. For example, the following command outputs the digest of the +secret. + +```bash{% raw %} +$ docker secret inspect --format='{{.Digest}}' mhv17xfe3gh6xc4rij5orpfds +sha256:8281c6d924520986e3c6af23ed8926710a611c90339db582c2a9ac480ba622b7 +{% endraw %}``` + + +## Related information + +* [secret create](secret_create.md) +* [secret ls](secret_ls.md) +* [secret rm](secret_rm.md) 
diff --git a/docs/reference/commandline/secret_ls.md b/docs/reference/commandline/secret_ls.md new file mode 100644 index 0000000000..13a8e60454 --- /dev/null +++ b/docs/reference/commandline/secret_ls.md @@ -0,0 +1,44 @@ +--- +title: "secret ls" +description: "The secret ls command description and usage" +keywords: ["secret, ls"] +--- + + + +# secret ls + +```Markdown +Usage: docker secret ls [OPTIONS] + +List secrets + +Aliases: + ls, list + +Options: + -q, --quiet Only display IDs +``` + +This command when run targeting a manager, lists secrets in the +swarm. + +On a manager node: + +```bash +$ docker secret ls +ID NAME CREATED UPDATED SIZE +mhv17xfe3gh6xc4rij5orpfds ssh-dev 2016-10-27 23:25:43.909181089 +0000 UTC 2016-10-27 23:25:43.909181089 +0000 UTC 1679 +``` +## Related information + +* [secret create](secret_create.md) +* [secret inspect](secret_inspect.md) +* [secret rm](secret_rm.md) diff --git a/docs/reference/commandline/secret_rm.md b/docs/reference/commandline/secret_rm.md new file mode 100644 index 0000000000..5f9ba5f69b --- /dev/null +++ b/docs/reference/commandline/secret_rm.md @@ -0,0 +1,48 @@ +--- +title: "secret rm" +description: "The secret rm command description and usage" +keywords: ["secret, rm"] +--- + + + +# secret rm + +```Markdown +Usage: docker secret rm SECRET [SECRET...] + +Remove one or more secrets + +Aliases: + rm, remove + +Options: + --help Print usage +``` + +Removes the specified secrets from the swarm. This command has to be run +targeting a manager node. + +For example, to remove secret: + +```bash +$ docker secret rm sapth4csdo5b6wz2p5uimh5xg +sapth4csdo5b6wz2p5uimh5xg +``` + +> **Warning**: Unlike `docker rm`, this command does not ask for confirmation +> before removing a secret. + + +## Related information + +* [secret create](secret_create.md) +* [secret inspect](secret_inspect.md) +* [secret ls](secret_ls.md) 
diff --git a/docs/reference/commandline/service_create.md b/docs/reference/commandline/service_create.md index d659a60d19..9d98600043 100644 --- a/docs/reference/commandline/service_create.md +++ b/docs/reference/commandline/service_create.md @@ -54,6 +54,7 @@ Options: --restart-delay duration Delay between restart attempts (default none) --restart-max-attempts uint Maximum number of restarts before giving up (default none) --restart-window duration Window used to evaluate the restart policy (default none) + --secret value Specify secrets to expose to the service (default []) --stop-grace-period duration Time to wait before force killing a container (default none) -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) @@ -119,6 +120,21 @@ ID NAME MODE REPLICAS IMAGE 4cdgfyky7ozw redis replicated 5/5 redis:3.0.7 ``` +### Create a service with secrets +Use the `--secret` flag to use a [secret](secret_create.md). The following +command will create a service with two secrets named `ssh-key` and `app-key`: + +```bash +$ docker service create --name redis --secret ssh-key:ssh --secret app-key:app redis:3.0.6 +4cdgfyky7ozwh3htjfw0d12qv +``` + +Secrets are located in `/run/secrets` in the container. If no target is +specified, the name of the secret will be used as the in memory file in the +container. If a target is specified, that will be the filename. In the +example above, two files will be created: `/run/secrets/ssh` and +`/run/secrets/app` for each of the secret targets specified. + ### Create a service with a rolling update policy ```bash diff --git a/docs/reference/commandline/service_update.md b/docs/reference/commandline/service_update.md index f321b31ddc..2cc67996e6 100644 --- a/docs/reference/commandline/service_update.md +++ b/docs/reference/commandline/service_update.md 
@@ -63,6 +63,8 @@ Options: --restart-max-attempts uint Maximum number of restarts before giving up (default none) --restart-window duration Window used to evaluate the restart policy (default none) --rollback Rollback to previous specification + --secret-add list Add a secret (default []) + --secret-rm list Remove a secret (default []) --stop-grace-period duration Time to wait before force killing a container (default none) -t, --tty Allocate a pseudo-TTY --update-delay duration Delay between updates (ns|us|ms|s|m|h) (default 0s) @@ -146,6 +148,20 @@ $ docker service update --mount-rm /somewhere myservice myservice ``` +### Adding and removing secrets + +Use the `--secret-add` or `--secret-rm` options add or remove a service's +secrets. + +The following example adds a secret named `ssh-2` and removes `ssh-1`: + +```bash +$ docker service update \ + --secret-add ssh-2 \ + --secret-rm ssh-1 \ + myservice +``` + ## Related information * [service create](service_create.md)
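Review bot: In docs/reference/commandline/secret_create.md the usage line `docker secret create [NAME]` marks NAME as optional, but the page never says what happens when it is omitted and the only example passes one. If the name is required, drop the brackets (`docker secret create NAME`); if it really is optional, document how the secret is then named. The usage block also has no `Options:` section with `--help`, unlike secret_inspect.md and secret_rm.md in the same patch.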
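Review bot: The sample output in secret_inspect.md shows `"Data": null` under `Spec` with no explanation; add a sentence saying whether `docker secret inspect` ever returns the secret content, because this page is where readers will check what an inspect on a manager exposes. In the "Formatting secret output" example the `{% raw %}` and `{% endraw %}` tags sit on the fence lines themselves, and the closing fence follows `{% endraw %}` on the same line, so the code block may not terminate when rendered; put both tags on their own lines outside the fence. The sentence "You can inspect a secret, either by its *name*, or *ID*" is also missing its final period.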
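Review bot: In secret_ls.md the `Options:` block lists only `-q, --quiet` and omits the `--help` entry that secret_inspect.md and secret_rm.md show, so the pages are inconsistent. The description "This command when run targeting a manager, lists secrets in the swarm." reads awkwardly; something like "Run this command on a manager node to list the secrets in the swarm." matches the wording used in secret_create.md. The `## Related information` heading follows the closing fence with no blank line in between, and the SIZE column in the sample output has no unit stated anywhere on the page.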
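Review bot: The warning in secret_rm.md says the command removes a secret without confirmation but does not say what happens when a service still references that secret; please document whether the removal is refused or the running service is affected. The example removes `sapth4csdo5b6wz2p5uimh5xg`, an ID that appears nowhere else in this patch, while the other three pages use `mhv17xfe3gh6xc4rij5orpfds` / `ssh-dev`; reusing the same secret would make the pages read as one walkthrough. The usage takes `SECRET` without saying that a name or an ID is accepted (secret_inspect.md states this explicitly), and "to remove secret:" should read "to remove a secret:".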
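Review bot: In service_create.md the example passes `--secret ssh-key:ssh --secret app-key:app` before the `name:target` form is explained, and the explanation that follows never spells out the syntax; state it up front (for example "`--secret <secret-name>[:<target-filename>]`") so readers can tell which side of the colon is the secret and which is the file under `/run/secrets`. The option is listed as `--secret value` here while service_update.md in the same patch lists `--secret-add list` and `--secret-rm list`; pick one type label. Also add a blank line after the `### Create a service with secrets` heading and hyphenate "in-memory file".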
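Review bot: In service_update.md the sentence "Use the `--secret-add` or `--secret-rm` options add or remove a service's secrets." is missing "to" before "add". The section does not say whether `--secret-add` accepts the `name:target` form shown in service_create.md or only a bare name as in the `ssh-2` example, which matters when rotating a secret that must keep the same filename in `/run/secrets`. The example also shows no command output, whereas the `--mount-rm` example just above it prints `myservice`.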