Andrey Ovcharov

Professional Software Engineer and hobbyist Hardware enthusiast

Andrey Ovcharov

Use docker secrets in Django application

Recently I needed to deploy a Django application to Docker Swarm and I wanted to used built-in feature to store secrets. Setting the secrets is pretty easy just following the docker documentation:

openssl rand -base64 40 | docker secret create django_secret -

The secrets have to be declared in docker-compose.yml to be available in the container.

version: "3.8"

    command: gunicorn wsgi:application --bind
      SECRET_KEY: /run/secrets/django_secret
      - django_secret

    external: true

The value of the secret is available in the container as a content of the file /run/secrets/django_secret. The file needs to be updated with a simple function to read the value of the secret either from environment variable or the file.

import os

def get_secret(key, default):
    value = os.getenv(key, default)
    if os.path.isfile(value):
        with open(value) as f:
    return value

SECRET_KEY = get_secret("SECRET_KEY", "")

Using this approach the secrets can be declared either as an environment variable or a docker secret which is very convenient both for development and production deployments.