tmpfs mounts

Volumes and bind mounts let you share files between the host machine and container so that you can persist data even after the container is stopped.

If you're running Docker on Linux, you have a third option: tmpfs mounts. When you create a container with a tmpfs mount, the container can create files outside the container's writable layer.

As opposed to volumes and bind mounts, a tmpfs mount is temporary, and only persisted in the host memory. When the container stops, the tmpfs mount is removed, and files written there won't be persisted.

tmpfs on the Docker host

This is useful to temporarily store sensitive files that you don't want to persist in either the host or the container writable layer.

Limitations of tmpfs mounts

  • Unlike volumes and bind mounts, you can't share tmpfs mounts between containers.
  • This functionality is only available if you're running Docker on Linux.
  • Setting permissions on tmpfs may cause them to reset after container restart. In some cases setting the uid/gid can serve as a workaround.

Choose the --tmpfs or --mount flag

In general, --mount is more explicit and verbose. The biggest difference is that the --tmpfs flag does not support any configurable options.

  • --tmpfs: Mounts a tmpfs mount without allowing you to specify any configurable options, and can only be used with standalone containers.

  • --mount: Consists of multiple key-value pairs, separated by commas and each consisting of a <key>=<value> tuple. The --mount syntax is more verbose than --tmpfs:

    • The type of the mount, which can be bind, volume, or tmpfs. This topic discusses tmpfs, so the type is always tmpfs.
    • The destination takes as its value the path where the tmpfs mount is mounted in the container. May be specified as destination, dst, or target.
    • The tmpfs-size and tmpfs-mode options. See tmpfs options.

The examples below show both the --mount and --tmpfs syntax where possible, and --mount is presented first.

Differences between --tmpfs and --mount behavior

  • The --tmpfs flag does not allow you to specify any configurable options.
  • The --tmpfs flag cannot be used with swarm services. You must use --mount.

Use a tmpfs mount in a container

To use a tmpfs mount in a container, use the --tmpfs flag, or use the --mount flag with type=tmpfs and destination options. There is no source for tmpfs mounts. The following example creates a tmpfs mount at /app in a Nginx container. The first example uses the --mount flag and the second uses the --tmpfs flag.

$ docker run -d \
  -it \
  --name tmptest \
  --mount type=tmpfs,destination=/app \
$ docker run -d \
  -it \
  --name tmptest \
  --tmpfs /app \

Verify that the mount is a tmpfs mount by looking in the Mounts section of the docker inspect output:

$ docker inspect tmptest --format '{{ json .Mounts }}'

Stop and remove the container:

$ docker stop tmptest
$ docker rm tmptest

Specify tmpfs options

tmpfs mounts allow for two configuration options, neither of which is required. If you need to specify these options, you must use the --mount flag, as the --tmpfs flag does not support them.

tmpfs-sizeSize of the tmpfs mount in bytes. If unset, the default maximum size of a tmpfs volume is 50% of the host's total RAM.
tmpfs-modeFile mode of the tmpfs in octal. For instance, 700 or 0770. Defaults to 1777 or world-writable.

The following example sets the tmpfs-mode to 1770, so that it is not world-readable within the container.

docker run -d \
  -it \
  --name tmptest \
  --mount type=tmpfs,destination=/app,tmpfs-mode=1770 \

Next steps