docker pass
| Description | Manage your local OS keychain secrets. |
|---|---|
| Usage | docker pass set\|get\|ls\|rm |
Experimental
This command is experimental.
Experimental features are intended for testing and feedback. Their functionality or design may change between releases without warning, or they may be removed entirely in a future release.
Description
Docker Pass is a helper that allows you to store secrets securely in your local OS keychain and inject them into containers later.
On Windows: Uses the Windows Credential Manager API.
On macOS: Uses macOS Keychain services API.
On Linux: Uses the org.freedesktop.secrets API (requires DBus and gnome-keyring or kdewallet to be installed).
Examples
Using keychain secrets in containers
Create a secret:
$ docker pass set GH_TOKEN=123456789
Creating a secret from STDIN:
$ echo 123456789 > token.txt
$ cat token.txt | docker pass set GH_TOKEN
Run a container that uses the secret:
$ docker run -e GH_TOKEN= -dt --name demo busybox
Inspect your secret from inside the container:
$ docker exec demo sh -c 'echo $GH_TOKEN'
123456789
Explicitly assigning a secret to another environment variable:
$ docker run -e GITHUB_TOKEN=se://GH_TOKEN -dt --name demo busybox
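The STDIN form shown above can also be fed without the value reaching a file, the shell history or a process argument list. This wrapper is an added example, not part of the Docker documentation; the helper names `store_secret` and `prompt_and_store` and the restriction of secret names to environment-variable identifiers are assumptions.

```shell
# Added example (not from the Docker docs). Helper names are hypothetical.
# Feeds `docker pass set NAME` over STDIN so the value never appears in argv,
# in shell history, or in a file such as token.txt.

# store_secret NAME: reads the secret value from this function's STDIN.
store_secret() {
    ss_name=$1
    # Assumption: names are plain environment-variable identifiers. Rejecting
    # anything else also blocks an accidental NAME=value argument.
    case $ss_name in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "store_secret: invalid secret name" >&2; return 2 ;;
    esac
    ss_value=$(cat)   # command substitution strips the trailing newline(s)
    if [ -z "$ss_value" ]; then
        echo "store_secret: refusing to store an empty value" >&2; return 3
    fi
    # printf is a builtin in bash and dash, so the value goes straight to the pipe.
    printf '%s' "$ss_value" | docker pass set "$ss_name"
    ss_rc=$?
    unset ss_value
    return "$ss_rc"
}

# prompt_and_store NAME: asks for the value on the terminal with echo off.
prompt_and_store() {
    [ -t 0 ] || { echo "prompt_and_store: STDIN is not a terminal" >&2; return 4; }
    printf 'Value for %s: ' "$1" >&2
    trap 'stty echo; exit 130' INT TERM   # restore echo if interrupted
    stty -echo
    IFS= read -r ps_value
    stty echo
    trap - INT TERM
    printf '\n' >&2
    printf '%s\n' "$ps_value" | store_secret "$1"
    ps_rc=$?
    unset ps_value
    return "$ps_rc"
}

# Usage: prompt_and_store GH_TOKEN
#        some-secret-producer | store_secret GH_TOKEN
```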
Subcommands
| Command | Description |
|---|---|
| docker pass get | Get a secret |
| docker pass ls | List secrets |
| docker pass rm | Remove a secret |
| docker pass set | Set a secret |