问题
This is actually a question following from my previous one.
I am trying to use docker to host a personal note-taking web service and want to backup data generated by the service (my notes). Currently I plan to use git to commit, pull, and push to a repository for my purpose.
To do git pull and push, my docker image needs to host my credentials. What is the easiest yet safe way to achieve this?
What I have done so far:
- I choose
Alpineas the base image of the image of my service. - Because I only need credentials for git, I think put a git credential helper into the image may solve my problem. I can save credentials to the helper during the build time and use them during runtime.
- I googled a while and decided to use
libsecretas my git credential helper, according to this article. - I have installed
libsecretand set my git credential helper to begit-credential-libsecret
However, I cannot make git-credential-libsecret functional so far. Here are a couple of problems that I encountered:
Firstly, I tested
git-credential-libsecret getand get the following error:CRITICAL **: could not connect to Secret Service: Cannot spawn a message bus without a machine-id: Unable to load /var/lib/dbus/machine-id or /etc/machine-id: Failed to open file */var/lib/dbus/machine-id*: No such file or directory- I (probably?) solved it by installing
dbusand rundbus-uuidgen > /var/lib/dbus/machine-id
- I (probably?) solved it by installing
Then I try to run
git-credential-libsecret getagain. This time, it reports that:CRITICAL **: could not connect to Secret Service: Cannot autolaunch D-Bus without X11 $DISPLAY- I tried to install
dbus-x11and rundbus-launch --sh-syntax(from here) but with no luck this time. The error continues.
- I tried to install
In conclusion, I would like to know:
- Am I on a right direction (using git credential helper) to achieve my goal?
- If so, how can I resolve the X11 problem?
- Are there any other quick and clean methods to backup data in docker with version control?
回答1:
If your git provider supports ssh with public keys, I think the easiest way would be to switch to them. You would also not have to copy around your password.
You need to:
- add ssh client to your docker image
- generate an ssh key and copy it to the image. The
ssh-agentpart is not needed - register the key to the provider
回答2:
It depends on where you are running git-credential-libsecret: you need to have it installed in your image/container, not on the host.
Note that another option would be to use a volume (see my answer to your previous question), in which case, git could be installed only on the host.
But here, you would use git directly in your image, which means, as in this Dockerfile, you need to have in your Dockerfile:
RUN apt-get update -y &&
apt-get install --no-install-recommends -y libsecret-1-0 git
https://github.com/electron-userland/electron-builder/blob/master/docker/base/Dockerfile
来源:https://stackoverflow.com/questions/48237435/how-to-bake-credential-into-docker-image-for-git