docker pass

Description	Manage your local OS keychain secrets.
Usage	`docker pass set\|get\|ls\|rm`

Experimental

This command is experimental.

Experimental features are intended for testing and feedback as their functionality or design may change between releases without warning or can be removed entirely in a future release.

Description

Docker Pass is a helper that allows you to store secrets securely in your local OS keychain and inject them into containers later.

On Windows: Uses the Windows Credential Manager API.

On macOS: Uses macOS Keychain services API.

On Linux: org.freedesktop.secrets API (requires DBus and gnome-keyring or kdewallet to be installed).

Examples

Using keychain secrets in containers

Create a secret:

$ docker pass set GH_TOKEN=123456789

Creating a secret from STDIN:

echo 123456789 > token.txt
cat token.txt | docker pass set GH_TOKEN

Run a container that uses the secret:

$ docker run -e GH_TOKEN= -dt --name demo busybox

Inspect your secret from inside the container

$ docker exec demo sh -c 'echo $GH_TOKEN'
123456789

Explicitly assigning a secret to another environment variable:

$ docker run -e GITHUB_TOKEN=se://GH_TOKEN -dt --name demo busybox

Subcommands

Command	Description
`docker pass get`	Get a secret
`docker pass ls`	List secrets
`docker pass rm`	Remove a secret
`docker pass set`	Set a secret

Ask me about Docker

docker pass

Description

Examples

Using keychain secrets in containers

Subcommands