Question about configuring FleetDM for Docker specifically u

Question

Question about configuring FleetDM for Docker specifically using Docker Swarm The <https github com fleetdm fleet blob master docs infrastructure configuring the fleet binary md|documentation> for configuring the binary states `mysql password` accepts a string but is it possible to provide a path to a file that contains the password say to a Docker secret ` run secrets fleetdm mysql password` I assume the answer is it s not supported currently but I wanted to ask

zwass · Answer

Is it possible to get the secret into env vars This is how secrets are handled by most systems I ve deployed on

CptOfEvilMinions · Answer

I was hoping to avoid storing secrets in environment variables because it s not best practice from a security standpoint

zwass · Answer

When we built Fleet we were trying to model after 12factor <https 12factor net config> If there s updated guidance on best practices I am open

CptOfEvilMinions · Answer

This suggests that the recommendations by 12factor for storing secrets in env vars is not best practice from a security standpoint One potential solution I am thinking of is when check if the value in `conf Password` is a valid file on disk if so read the contents if not treat it as is Thoughts on this approach