{"id":13415900,"url":"https://github.com/sudo-bmitch/docker-config-update","last_synced_at":"2025-09-02T16:31:39.704Z","repository":{"id":39617845,"uuid":"162825808","full_name":"sudo-bmitch/docker-config-update","owner":"sudo-bmitch","description":"Utility to handle updates to docker configs and secrets","archived":false,"fork":false,"pushed_at":"2023-03-30T13:03:12.000Z","size":6,"stargazers_count":50,"open_issues_count":1,"forks_count":7,"subscribers_count":4,"default_branch":"main","last_synced_at":"2024-12-25T19:57:14.979Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sudo-bmitch.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-12-22T16:22:05.000Z","updated_at":"2024-09-22T06:04:45.000Z","dependencies_parsed_at":"2024-10-26T12:06:05.523Z","dependency_job_id":"38578101-d9e8-414e-9374-60e15a95acbe","html_url":"https://github.com/sudo-bmitch/docker-config-update","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sudo-bmitch%2Fdocker-config-update","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sudo-bmitch%2Fdocker-config-update/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sudo-bmitch%2Fdocker-config-update/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sudo-bmitch%2Fdocker-config-update/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sudo-bmitch","download_url":"https://codeload.github.com/sudo-bmitch/docker-config-update/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":231797741,"owners_count":18428063,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-30T21:00:52.878Z","updated_at":"2024-12-29T23:58:54.718Z","avatar_url":"https://github.com/sudo-bmitch.png","language":"Shell","readme":"# Docker Config and Secret Update Tool\n\nThis utility will update configs and secrets in docker based on a local\nsource file. The configs and secrets are versioned and the version is appended\nto the config and secret name. An environment variable file is updated with\nthe latest version number of the configs and secrets. This file can then be\nsourced before deploying a stack in docker to use the latest versions.\n\n## The .docker-deploy file\n\nThis file contains the following lines:\n\n- `CONFIG_LIST=`: space separated list of configs.\n- `SECRET_LIST=`: space separated list of secrets.\n- `ENV_FILE=`: filename to update with config and secret variables,\n  defaults to `.env`. If set to an empty string (`\"\"`), updates to the\n  environment file are skipped.\n- `STACK_NAME=`: stack name, used to namespace configs/secrets to\n  automatically cleanup when the stack is removed.\n- For each config name in the list above:\n  - `CONF_name_SRC_FILE=`: filename to read a config from, name is a variable.\n  - `CONF_name_SRC_TYPE=`: change from the default \"file\" type, can be \"latest\"\n    to use the most recent version.\n  - `CONF_name_TGT_NAME=`: name of config to create, appended with a version.\n  - `CONF_name_TGT_VAR=`: variable to update in environment file.\n- For each secret name in the list above:\n  - `SEC_name_SRC_FILE=`: filename to read a secret from, name is a variable.\n  - `SEC_name_SRC_TYPE=`: change from the default \"file\" type, can be \"latest\"\n    to use the most recent version, and \"random\" to randomly initialize a\n    value.\n  - `SEC_name_TGT_NAME=`: name of secret to create, appended with a version.\n  - `SEC_name_TGT_VAR=`: variable to update in environment file.\n- `OPT_ONLY_LATEST=`: set to 1 to prevent old versions of a config/secret from\n  being used, forces creation of a new entry even if old ones match.\n- `OPT_PRUNE_UNUSED=`: set to 1 to cleanup unused versions of configs and\n  secrets. This currently blindly deletes all configs/secrets other than the\n  active one, ignoring errors from those that are still in use.\n\nAn example file could look like:\n\n```\nCONFIG_LIST=\"app demo\"\nSECRET_LIST=\"app passwd\"\nCONF_app_SRC_FILE=\"app.conf\"\nCONF_app_TGT_NAME=\"app-\"\nCONF_app_TGT_VAR=\"app_conf_ver\"\nCONF_demo_SRC_TYPE=latest\nCONF_demo_TGT_NAME=\"demo-\"\nCONF_demo_TGT_VAR=\"demo_conf_ver\"\nSEC_app_SRC_FILE=\"app.sec\"\nSEC_app_TGT_NAME=\"app-\"\nSEC_app_TGT_VAR=\"app_sec_ver\"\nSEC_passwd_SRC_TYPE=random\nSEC_passwd_TGT_NAME=\"passwd-\"\nSEC_passwd_TGT_VAR=\"passwd_ver\"\n```\n\n## The .env file\n\nThis file will contain lines with each `CONF_name_TGT_VAR` and\n`SEC_name_TGT_VAR` defined in the `.docker-deploy` file (where name is from the\nlist of configs and secrets).\n\n## Using with a compose file\n\nYour compose file will need to define external configs and secrets. With\nversion 3.5 of the compose file, you define external configs and secrets with\na name using the following syntax:\n\n```\nversion: '3.5'\n\nconfigs:\n  app_conf:\n    external: true\n    name: app_conf_${app_conf_ver}\nsecrets:\n  app_sec:\n    external: true\n    name: app_sec_${app_sec_ver}\nservices:\n  app:\n    image: app_image\n    configs:\n      - source: app_conf\n        target: /etc/app.conf\n        mode: 444\n    secrets:\n      - source: app_sec\n        target: /etc/app.sec\n        mode: 400\n        uid: \"0\"\n```\n\nWhen deploying the stack, you'll want to run:\n\n```\n# update the .env file with this script\ndocker-config-update\n# source and export the .env file\nset -a \u0026\u0026 . ./.env \u0026\u0026 set +a\n# deploy the stack with the variables\ndocker stack deploy -c docker-compose.yml app\n```\n\n## Random secrets\n\nThese are a 32 character string created with:\n\n```\nbase64 -w 0 \u003c/dev/urandom | head -c 32\n```\n\nThis entry will only be created if missing with a version of 1. Otherwise the\nlatest version of this secret is saved to the environment file.\n\n## Running from Docker Image\n\nThis is also packaged in a docker image and can be run with the following on\nLinux hosts:\n\n```bash\n$ docker container run --rm -it \\\n  -u \"$(id -u):$(id -g)\" --group-add \"$(stat -c \"%g\" /var/run/docker.sock)\" \\\n  -v \"/var/run/docker.sock:/var/run/docker.sock\" \\\n  -v \"$(pwd):$(pwd)\" -w \"$(pwd)\" \\\n  sudobmitch/docker-config-update $args\n```\n\n## License\n\nThis script is released under the MIT license.\n\n","funding_links":[],"categories":["Container Operations","others","Shell"],"sub_categories":["Container Composition"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsudo-bmitch%2Fdocker-config-update","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsudo-bmitch%2Fdocker-config-update","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsudo-bmitch%2Fdocker-config-update/lists"}