Hi Robert,

I'm not a security expert and I'm quite new to Docker, but I think a password in a Docker container that is saved somewhere in clear text should not be a problem, as long as you do not save this password to the image, git, etc.

I think the best way for you is to use Docker secrets, generate the config file for Kamailio from these Docker secrets and then start Kamailio; for all of this you need to write some kind of entrypoint script. Here is an example of how Homer Sipcapture does something similar: they set environment variables in docker-compose and then generate the config file based on them, but you can probably use Docker secrets instead of environment variables:

https://github.com/sipcapture/homer-docker/tree/master/kamailio

I found one more interesting link regarding docker secrets:

https://blog.mikesir87.io/2017/05/using-docker-secrets-during-development/

With kind regards,

Jurijs

On Thu, Nov 16, 2017 at 11:58 PM, Robert <robert@vooey.co.uk> wrote:
That’d presumably leave the clear text footprint I'm trying to avoid, albeit in a non-Kamailio file. I’ve made a start on an approach to read from a file; Docker secrets are basically just files, but the Docker platform handles them securely.

Thanks - Robert...

> On 16 Nov 2017, at 21:46, Bastian Triller <bastian.triller@gmail.com> wrote:
>
> Isn't using a group in the db URL an option? Generate some .cnf in
> /etc/mysql/conf.d (or where MySQL searches its configuration in a
> Docker container) from the secret and use the group in your db URL in
> kamailio.cfg.
>
> http://www.kamailio.org/docs/modules/5.0.x/modules/db_mysql.html#idp41997212


_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
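
The entrypoint idea and the option-group idea from the thread above, combined in one sketch (an added example, not code from any poster or from the Kamailio or Homer projects). The secret name `kamailio_db_password`, the DB user, group and database name `kamailio`, and the file name `kamailio.cnf` are assumptions; `/run/secrets/` is where Docker mounts secrets.

```shell
#!/bin/sh
# Entrypoint sketch: write a MySQL option group from a Docker secret, then start Kamailio.
set -eu

# Assumed names; override through the environment if yours differ.
SECRET_FILE="${SECRET_FILE:-/run/secrets/kamailio_db_password}"
CNF_FILE="${CNF_FILE:-/etc/mysql/conf.d/kamailio.cnf}"
DB_USER="${DB_USER:-kamailio}"
DB_GROUP="${DB_GROUP:-kamailio}"

# render_mysql_cnf SECRET_PATH CNF_PATH USER GROUP
render_mysql_cnf() {
    secret=$1 cnf=$2 user=$3 group=$4
    [ -r "$secret" ] || { echo "secret $secret not readable" >&2; return 1; }
    # Read the file directly so the password never sits in argv or the environment.
    pass=$(cat "$secret")
    [ -n "$pass" ] || { echo "secret $secret is empty" >&2; return 1; }
    # A quote or newline in the value could end the string or inject option lines.
    case $pass in
        *'"'*|*"
"*) echo "secret contains a quote or newline" >&2; return 1 ;;
    esac
    # Option files treat backslash as an escape character, so double it.
    esc=$(printf '%s' "$pass" | sed 's/\\/\\\\/g')
    old_umask=$(umask)
    umask 077                      # file is created as 0600
    tmp="$cnf.tmp.$$"
    printf '[%s]\nuser = %s\npassword = "%s"\n' "$group" "$user" "$esc" > "$tmp"
    umask "$old_umask"
    mv "$tmp" "$cnf"               # rename so readers never see a partial file
}

# Only act when started as "entrypoint.sh kamailio [args...]".
if [ "${1:-}" = "kamailio" ]; then
    render_mysql_cnf "$SECRET_FILE" "$CNF_FILE" "$DB_USER" "$DB_GROUP"
    # kamailio.cfg then names the group instead of a password, e.g.
    #   mysql://[kamailio]/kamailio   (group form from the db_mysql docs linked above)
    exec "$@"
fi
```

The generated file has to be readable by the account Kamailio runs as, so adjust its owner if the entrypoint runs as root and Kamailio does not.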