How to use docker secret rm command to remove secrets


Introduction

In this lab, you will learn how to manage sensitive data securely in Docker using secrets. You will begin by creating a Docker secret to store sensitive information.

Following the creation, you will verify that the secret has been successfully added to your Docker environment by listing the existing secrets. Finally, you will practice removing the secret and confirm its removal by listing the secrets again. This hands-on exercise will guide you through the essential commands for creating, listing, and removing Docker secrets.



Create a secret

In this step, you will learn how to create a secret in Docker. Docker secrets are used to manage sensitive data, such as passwords, SSH keys, and other credentials, that a container needs at runtime. Using secrets is a more secure way to handle sensitive information compared to storing it directly in the container image or passing it as environment variables.

Before creating a secret, let's ensure you have the necessary Docker environment set up. The LabEx VM comes with Docker pre-installed. You can verify the Docker version by running:

docker version

You should see output similar to this, indicating Docker is installed and running:

Client: Docker Engine - Community
 Version:           20.10.21
 API version:       1.41
 Go version:        go1.16.15
 Git commit:        baedd2a
 Built:             Tue Oct 25 17:58:10 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.21
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.16.15
  Git commit:       363bd3a
  Built:            Tue Oct 25 17:56:32 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.8
  GitCommit:        9cd335e8e55e68bf582ae4525b3a13ffa8a49392
  Built:            Tue Oct 25 17:54:39 2022
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
  Built:            Tue Oct 25 17:54:25 2022
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
  Built:            Tue Oct 25 17:54:16 2022

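To create a secret, use the docker secret create command. This command reads sensitive data from standard input or a file and creates a secret in Docker. Secrets are a swarm-mode feature, so the Docker engine must be running as a swarm manager for the secret commands in this lab to work.

Let's create a simple secret named my_password containing the value s3cr3t. We will pipe the secret value to the docker secret create command; the trailing - tells it to read from standard input. printf is used rather than echo because echo appends a newline, which would be stored as part of the secret.

printf '%s' "s3cr3t" | docker secret create my_password -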

After executing the command, Docker will create the secret and output its ID. The output will look similar to this:

<secret_id>

The <secret_id> is a unique identifier for the secret you just created. Keep this in mind, as you might need it for future operations.

List secrets to verify creation

In this step, you will learn how to list existing secrets in Docker to verify that the secret you created in the previous step was successfully added.

To list all secrets managed by Docker, you can use the docker secret ls command. This command provides a list of secrets, including their ID, name, and creation timestamp.

Let's run the command to see the secrets:

docker secret ls

The output should show the my_password secret you created in the previous step, along with its ID and creation time. The output will look similar to this:

ID                          NAME                CREATED             UPDATED
<secret_id>                 my_password         About a minute ago  About a minute ago

You can see the my_password secret listed, confirming that it was successfully created. The <secret_id> will match the ID that was output when you created the secret.

This command is useful for managing your secrets and ensuring that they are correctly configured in your Docker environment.

Remove a secret

In this step, you will learn how to remove a secret in Docker. Removing secrets is important for security and to clean up your Docker environment when secrets are no longer needed.

To remove a secret, you can use the docker secret rm command followed by the secret's name or ID. In the previous steps, we created a secret named my_password.

Let's remove the my_password secret:

docker secret rm my_password

After executing the command, Docker will remove the secret and output the secret's name or ID that was removed. The output will look similar to this:

my_password

This confirms that the my_password secret has been successfully removed from your Docker environment.

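It's good practice to remove secrets when they are no longer in use, to minimize the risk of unauthorized access to sensitive information. Note that Docker refuses to remove a secret while a service still references it; the service must be updated or removed first.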

List secrets to verify removal

In this step, you will list the Docker secrets again to verify that the my_password secret you removed in the previous step is no longer present.

To list all secrets, use the docker secret ls command:

docker secret ls

This time, the output should not include the my_password secret. If there were no other secrets in your environment, the output might look like this:

ID                          NAME                CREATED             UPDATED

If there are other secrets, you will see them listed, but my_password should be absent. This confirms that the removal operation was successful.

Listing secrets after removal is a good way to ensure that sensitive data is no longer stored in your Docker environment.
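
The removal and verification steps above can be combined into one guarded routine. The following is an added example, not part of the original lab: it assumes a swarm manager node, and the function names (services_using_secret, secret_exists, remove_secret_safely) are hypothetical helpers. It refuses to remove a secret that a service still references and checks absence by exact name, because the name filter of docker secret ls also matches prefixes.

```shell
#!/bin/sh
# Added example (not from the lab): remove a swarm secret only when no
# service references it, then confirm by exact name that it is gone.

# Print the names of services whose spec references secret $1.
services_using_secret() {
    ids=$(docker service ls -q) || return 1
    if [ -z "$ids" ]; then return 0; fi
    # Emits one line per service: "<service> <secret> <secret> ..."
    # $ids is left unquoted on purpose so each ID becomes its own argument.
    docker service inspect --format \
        '{{.Spec.Name}}{{range .Spec.TaskTemplate.ContainerSpec.Secrets}} {{.SecretName}}{{end}}' \
        $ids |
        awk -v s="$1" '{ for (i = 2; i <= NF; i++) if ($i == s) { print $1; break } }'
}

# Succeed only if a secret with exactly this name exists. The name filter
# also matches prefixes, so the listing is compared as whole lines.
secret_exists() {
    docker secret ls --filter "name=$1" --format '{{.Name}}' | grep -qxF -- "$1"
}

# Exit codes: 0 removed, 1 still in use, 2 no such secret, 3 removal failed.
remove_secret_safely() {
    name=$1
    if ! secret_exists "$name"; then
        echo "no secret named $name" >&2
        return 2
    fi
    users=$(services_using_secret "$name") || return 3
    if [ -n "$users" ]; then
        echo "secret $name is still used by:" $users >&2
        return 1
    fi
    docker secret rm "$name" >/dev/null || return 3
    if secret_exists "$name"; then
        echo "secret $name is still listed after removal" >&2
        return 3
    fi
    return 0
}

# Usage: sh remove-secret.sh my_password
if [ "$#" -gt 0 ]; then remove_secret_safely "$1"; fi
```
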

Summary

In this lab, you learned how to manage sensitive data securely in Docker using secrets. You started by verifying your Docker environment and then created a secret named my_password using the docker secret create command, piping the secret value from standard input.

After creating the secret, you used the docker secret ls command to list existing secrets and confirm the successful creation of my_password. Finally, you practiced removing the secret using the docker secret rm command and verified its removal by listing the secrets again, demonstrating the complete lifecycle of a Docker secret.