Hiding TLS details in static config

I am using stacks to deploy in my swarm environment. I have a working config using static config and dynamic config files. In my static config file, I define my entry points and the TLS options (cert-resolver and domain names). It looks like this:

tls:
  # wildcard certificate resolver
  certResolver: cloudflare
  domains:
    - main: "tld.com"
      sans:
        - "*.tld.com"
        - "*.local.tld.com"
        - "*.lab.tld.com"

I want to publish my files to GitHub, so I would like to sanitize them by potentially using environment substitution. I saw a thread on v2 and substituting env variables on dynamic config, but this doesn't seem to work on the static config. Anyone have any hints on how to sanitize these configs? I currently keep all environment variables in a HashiCorp Vault and have some scripts that create my .env files with all needed variables, so they are available in the containers.

The Traefik static config file is not processed by compose.

You can try to move your static config to command in the compose file; check the simple Traefik Swarm example.

Note you can only have one static config, so you would need to move the full static config to the compose file (doc).

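The approach from the answer above, sketched for the TLS block in the question. This is an added example, not part of the original posts: the entry point name `websecure` and the variable names `TRAEFIK_IMAGE` and `BASE_DOMAIN` are assumptions.

```yaml
# docker-compose.yml (added example; names marked "assumed" are hypothetical)
#
# `docker stack deploy` interpolates ${...} from the shell environment but
# does not load a .env file on its own, so export the variables first:
#   set -a; . ./.env; set +a
#   docker stack deploy -c docker-compose.yml traefik
services:
  traefik:
    # ${VAR:?msg} aborts the deploy if the variable is unset or empty,
    # so a missing .env never produces a half-configured proxy.
    image: ${TRAEFIK_IMAGE:?set TRAEFIK_IMAGE}          # assumed variable
    command:
      - "--entrypoints.websecure.address=:443"          # assumed entry point
      # wildcard certificate resolver, same values as the YAML static config
      - "--entrypoints.websecure.http.tls.certresolver=cloudflare"
      - "--entrypoints.websecure.http.tls.domains[0].main=${BASE_DOMAIN:?set BASE_DOMAIN}"
      - "--entrypoints.websecure.http.tls.domains[0].sans=*.${BASE_DOMAIN},*.local.${BASE_DOMAIN},*.lab.${BASE_DOMAIN}"
      # Every other static option (providers, certificate resolvers, logging)
      # has to be expressed as a flag here as well: Traefik reads only one
      # static configuration source.
    ports:
      - "443:443"
```

Keep the generated .env file out of the repository (for example via .gitignore) so that only the parameterized compose file is published.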

Thank you, I was afraid someone would say that, so I started converting my rather extensive config to commands. I really appreciate the help.
