This project provides a Docker plugin to use OnePassword as a secrets provider. It allows Docker containers to securely access secrets stored in OnePassword. The plugin uses the OnePassword Connect API to retrieve secrets and provide them to Docker containers.
- OnePassword (Obviously)
- Docker swarm mode (for using Docker secrets)
The plugin can be configured using the following environment variables:
OP_CONNECT_HOST: The OnePassword Connect (hostdefault:http://localhost:8080)OP_CONNECT_TOKEN: The OnePassword Connect tokenOP_VAULT_NAME: The OnePassword vault used for secrets (default:docker)
-
Set up the OnePassword Connect and Sync services using Docker Compose, follow the instructions in the OnePassword Connect documentation.
docker-compose up -d # There is a docker-compose.yml file in the root of this repository -
Install the plugin
docker plugin install mrmarble/opsd:latest OP_CONNECT_HOST=<one password connect api host> OP_CONNECT_TOKEN=<your_token> OP_VAULT_NAME=<vault where secrets are stored>
-
Create a secret in OnePassword
op item create --category=password --title=my-app-secrets --vault=docker 'MY_SECRET[password]=supersecretpassword' -
Create a Docker secret using the plugin
docker secret create --driver mrmarble/opsd:latest -l item=my-app-secrets MY_SECRET
-
Use the secret in a service
docker service create --secret MY_SECRET --name my-app my-app-image
This project is licensed under the MIT License. See the LICENSE file for details.