Docker Secret Store Plugin
This plugin provides access to Docker secrets mounted by the
engine at container runtime. The secrets are accessible as files under
/run/secrets from within the container.
⭐ Telegraf v1.27.0
🏷️ containers
💻 all
Usage
Secrets defined by a store are referenced with @{<store-id>:<secret_key>} in
the Telegraf configuration. Only certain Telegraf plugins and options
support secret stores. To see which plugins and options support
secrets, see their respective documentation (e.g.
plugins/outputs/influxdb/README.md). If a plugin's README has a
Secret store support section, that section details which options support
secret store usage.
Configuration
# Secret store to access docker secrets
[[secretstores.docker]]
  ## Unique identifier for the secret store.
  ## This id can later be used in plugins to reference the secrets
  ## in this secret store via @{<id>:<secret_key>} (mandatory)
  id = "docker_secretstore"

  ## Default Path to directory where docker stores the secrets file
  ## Current implementation in docker compose v2 only allows the following
  ## value for the path where the secrets are mounted at runtime
  # path = "/run/secrets"

  ## Allow dynamic secrets that are updated during runtime of telegraf
  ## Dynamic Secrets work only with `file` or `external` configuration
  ## in `secrets` section of the `docker-compose.yml` file
  # dynamic = false
Each secret listed in a Compose service's secrets parameter is
available as a file under /run/secrets/<secret-name> within the container.
Telegraf can pick up changed secret values in plugins when
dynamic is set to true. This feature works only for Docker secrets
provided via the file and external settings in the docker-compose.yml file
(see documentation), not for secrets sourced from environment variables.
Example Compose File
services:
  telegraf:
    image: docker.io/telegraf:latest
    container_name: dockersecret_telegraf
    user: "${USERID}" # Required to access the /run/secrets directory in container
    secrets:
      - secret_for_plugin
    volumes:
      - /path/to/telegrafconf/host:/etc/telegraf/telegraf.conf:ro

secrets:
  secret_for_plugin:
    environment: TELEGRAF_PLUGIN_CREDENTIAL
Here, TELEGRAF_PLUGIN_CREDENTIAL is defined in a .env file in the same directory
as the docker-compose.yml. An example .env file:
TELEGRAF_PLUGIN_CREDENTIAL=superSecretStuff
# determine this value by executing `id -u` in terminal
USERID=1000
This plugin only supports reading secrets; it cannot create or modify them.
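A pre-flight check for the setup above, added here as an example and not part of Telegraf or its documentation: it lists every @{<store-id>:<secret_key>} reference in a config and verifies that the matching file under the secrets path is mounted, readable by the current user and non-empty, printing key names only and never secret values. The function names, the influx_user key and the sample config are constructed for illustration, and the key character set is an assumption.

```shell
#!/bin/sh
# Added example (not Telegraf code): check that every secret a config
# references for one store id is mounted, readable and non-empty.

# Print the distinct keys referenced as @{<store-id>:<key>}.
# Assumption: ids and keys use only letters, digits and underscores.
list_secret_refs() {  # $1 = telegraf.conf, $2 = store id
    grep -v '^[[:space:]]*#' "$1" \
        | grep -o "@{$2:[A-Za-z0-9_][A-Za-z0-9_]*}" \
        | sed -e "s/^@{$2://" -e 's/}$//' \
        | sort -u
}

# Report one line per key; return 1 if any secret is unusable.
check_docker_secrets() {  # $1 = telegraf.conf, $2 = store id, $3 = path
    conf=$1; store=$2; dir=${3:-/run/secrets}; rc=0
    for key in $(list_secret_refs "$conf" "$store"); do
        f="$dir/$key"
        if [ ! -f "$f" ]; then
            echo "MISSING    $key (no file $f; listed under the service's secrets?)"; rc=1
        elif [ ! -r "$f" ]; then
            echo "UNREADABLE $key (uid $(id -u) cannot read $f; check user:)"; rc=1
        elif [ ! -s "$f" ]; then
            echo "EMPTY      $key (source variable or file is empty)"; rc=1
        else
            echo "OK         $key"
        fi
    done
    return $rc
}

# Constructed demo: one secret mounted, one reference left unmounted.
demo=$(mktemp -d)
printf 'superSecretStuff' > "$demo/secret_for_plugin"
cat > "$demo/telegraf.conf" <<'EOF'
[[secretstores.docker]]
  id = "docker_secretstore"
[[outputs.influxdb]]
  username = "@{docker_secretstore:influx_user}"
  password = "@{docker_secretstore:secret_for_plugin}"
EOF
check_docker_secrets "$demo/telegraf.conf" docker_secretstore "$demo" || true
rm -rf "$demo"
```

In a container entrypoint, call `check_docker_secrets /etc/telegraf/telegraf.conf docker_secretstore` before starting Telegraf and stop on a non-zero return.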