Reflex can leverage Docker Secrets for its initial key management, which adds an additional layer of protection.
Docker Secrets are a feature of Docker Swarm – reference the documentation at docker for a more indepth explanation.
Simply put, Reflex will first look for its key variables in the following order:
- mapped as a Docker Secret
- in the os environment
- in the local config - least desireable
These variables include:
To setup docker and use secrets in this manner, start by configuring the secret:
Then include in your docker compose stackfile the secret definition:
As you can see in this definition, you have the flexibility to mix-and-match to suite. The service is defined as an environment variable, where the apikey and url are secrets. The url is a secret that is shared across many containers, where the apikey is unique to this specific container.