Use docker secret (or alternative solution) to store IB password #93
-
Hello, Currently, I am using the Ib-gateway-docker on paper. When When I will use live data, I would prefer storing my IB password in a docker secret (or similar solution) instead of having it in the .env file. Has anyone already use docker secret with ib-gateway docker ? Thank you for your help. |
Beta Was this translation helpful? Give feedback.
Replies: 5 comments 1 reply
-
This is not implemented currently, but I do believe that is a good idea to look at implementation options. PRs are always welcome. To have this working would require (i'm thinking out loud here):
It's doable, but will take some time. it should be possible to create a common function to manage all cases. As said, PRs are more than welcome. |
Beta Was this translation helpful? Give feedback.
-
postgres image has a function do most of the work still need to figure out if envsubst will work |
Beta Was this translation helpful? Give feedback.
-
@benjaminSTW I'm doing some testing and trying to evaluate the "relative" security of using secrets. And I have to say that I was expecting more. I have setup a postgres container, basically all official images follow the same approach. they have a after setting a docker compose file, set a secret, and running the container. i can see the content of the password docker compose up -d postgres
docker inspect postgres | grep PASSWORD
"POSTGRES_PASSWORD=foryoureyesonly" so yes there is a security improvement by not setting the password in an In any case take into account that the password will be stored in IBC's config.ini file. That's required by IBC, so there not much room for improvement there. |
Beta Was this translation helpful? Give feedback.
-
hello, Switching to crypted password is not that easy ! I can have look and try to run the script with a password stored in the docker secret. When looking at the documentation, it seems to be secure and sensitive data are not visible. For IBC, indeed, the password will still be available in the config.ini. I can raise the point to IBC community. PS : thank you for your work and your quick feedback ! |
Beta Was this translation helpful? Give feedback.
-
moved as issue, #96 |
Beta Was this translation helpful? Give feedback.
moved as issue, #96