configuration management in Docker Containers

Question

Currently, I have configurations files stored in GitHub. I have a single json file with the format as below

{ DEV:  { key1 : val1, key2 : val2 },  PROD:  { key1 : val1, key2 : val2 } }

My build system clones the git repo, builds the projects and creates a Docker image and stores in a private Docker registry. I have the jar files and configuration files copied into the Docker image. Whenever I spin up a container I inject an environment variable (ENV=DEV/PROD) which my code uses to read configs based on the environment.

I have a couple of questions here:

What is the best way to maintain environment specific configuration?

Configuration files may contain sensitive data such as api keys and secrets how can I encrypt and store and decrypt when I build Docker image?

If I want to change some configuration I need to trigger build because my configuration file is placed inside a Docker image. Can I place config files outside Docker container as a volume so that I can replace the config file and restart container so that code reads updated configs? If I want to place outside of Docker container can I still use any cluster management tools for container orchestration/management (Kubernetes/ECS)?

What is the way to make apps running in Docker containers read updated configs by just restarting the container instead of building a new docker image and deploying a new container?

Answer 1

As the question itself consists of a couple of questions. I would like to go one by one.

The best way to maintain is with ENV variables.

If your system is large and complex then this is a worthy way to practice unlike your system is small and simple it does not worth the effort.

You can encrypt all the configuration with the help of hash and decrypt all encrypted data with the help of key which only known to the application.

Use a docker-compose file, which allows perfect mechanism. For example:

version: "2"  

services:   

  server:

    hostname: server

    container_name: server

    image: serverBla

    build: ./server

    env_file:

      - ./config/config.env

The file ./config/config.env is your "dynamic" configuration. You just need to recreate the container to refresh the values inside of your app.

For more information please go through the following tutorial to get more info about docker: