I recently moved my Docker Swarm setup to Ansible and found an issue with the docker_secret module. In each container, my code runs `cat /run/secrets/* > all_secrets` to concatenate all of the secrets into a file where each line is a secret. Previous to Ansible, we echoed the secret and piped it to `docker secret create` as per their recommendation (https://docs.docker.com/engine/reference/commandline/secret_create/). Once we moved the secrets to a variable file for Ansible, we found that the secrets are concatenated on one line, which causes issues when the file is parsed. When I add a carriage return in the variables file, it mimics the behavior of echoing the secret to `| docker secret`.
This example is with echo
```
[root@master ~]# echo 'security_key=12345' | docker secret create security_key -
kibapcvv97qbayyusverfx8rp
[root@master ~]# echo 'security_password=abcdef' | docker secret create security_password -
0cf3ryjijlf496samric8dg2f
[root@master ~]# docker service create --name myservice --secret security_key --secret security_password redis:alpine
ps73gnormz40zmmrmbqca1lxc
overall progress: 1 out of 1 tasks
1/1: running
verify: Service converged
[root@master ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f70bdb910cbe redis:alpine "docker-entrypoint.s…" 41 seconds ago Up 41 seconds 6379/tcp myservice.1.hzgkm48hjhwl1u6u0m7hif6f2
[root@master ~]# docker exec -it f70bdb910cbe /bin/sh
/data # cat /run/secrets/security_* > /run/secrets/all_secrets
/data # cat /run/secrets/all_secrets
security_key=12345
security_password=abcdef
```
This example is with Ansible with no carriage return
`
[root@master ~]# cat playbook.yml