API keys when Traefik is dockerized?

Traefik Traefik v2
,
1

I have Traefik running from a docker container, and was hoping to keep my pilot token out of the CLI arguments, like I do with my CloudFlare credentials.

But, it doesn’t work, probably as per https://github.com/traefik/traefik/issues/7372 - "Can’t use ENV && CLI, it’s one or the other."

With the apparent caveat - Unless you’re specifying CF_API_EMAIL or CF_API_KEY in the environment, because that does work when CLI options are also specified. Which is confusing me…

Where can I put the TRAEFIK_PILOT_TOKEN in this docker-ized setup such that it’s not exposed as a CLI option?

And can I put CF_API_EMAIL and CF_API_KEY in that place too for consistency ?

2

Hello,

Where can I put the TRAEFIK_PILOT_TOKEN in this docker-ized setup such that it’s not exposed as a CLI option?

Currently, it's not possible: TRAEFIK_PILOT_TOKEN env var not taken in account · Issue #7372 · traefik/traefik · GitHub

And can I put CF_API_EMAIL and CF_API_KEY in that place too for consistency ?

CF_API_EMAIL and CF_API_KEY are not handled by Traefik it-self but by a lib that we use to handle ACME.

So you cannot define these elements via the CLI.

3

Can it be read as a Docker secret ?

4

you can use CF_API_EMAIL_FILE and CF_API_KEY to reference files.

5

I rather meant, can we specify the pilot.token as a Docker secret ?

6

no, it's possible to mix the source of static configuration

7

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.