API keys when Traefik is dockerized?

I have Traefik running from a docker container, and was hoping to keep my pilot token out of the CLI arguments, like I do with my CloudFlare credentials.

But, it doesn’t work, probably as per https://github.com/traefik/traefik/issues/7372 - "Can’t use ENV && CLI, it’s one or the other."

With the apparent caveat - Unless you’re specifying CF_API_EMAIL or CF_API_KEY in the environment, because that does work when CLI options are also specified. Which is confusing me…

Where can I put the TRAEFIK_PILOT_TOKEN in this docker-ized setup such that it’s not exposed as a CLI option?

And can I put CF_API_EMAIL and CF_API_KEY in that place too for consistency ?

Hello,

Where can I put the TRAEFIK_PILOT_TOKEN in this docker-ized setup such that it’s not exposed as a CLI option?

Currently, it's not possible: TRAEFIK_PILOT_TOKEN env var not taken in account · Issue #7372 · traefik/traefik · GitHub

And can I put CF_API_EMAIL and CF_API_KEY in that place too for consistency ?

CF_API_EMAIL and CF_API_KEY are not handled by Traefik it-self but by a lib that we use to handle ACME.

So you cannot define these elements via the CLI.

Can it be read as a Docker secret ?

you can use CF_API_EMAIL_FILE and CF_API_KEY to reference files.

I rather meant, can we specify the pilot.token as a Docker secret ?

no, it's possible to mix the source of static configuration

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.