Creating a Docker Swarm service with a secret using the Docker API


I'm working on creating a Docker service using dockerode, which is a wrapper around the Docker API. I'm having trouble understanding how to use the Secrets array when creating a service. The Docker documentation provides an example of what the Secrets array should look like for service creation, but I'm unsure how to use it effectively:

"Secrets": [{
    "File": {
        "Name": "www.example.org.key",
        "UID": "33",
        "GID": "33",
        "Mode": 384
    },
    "SecretID": "fpjqlhnwb19zds35k8wn80lq9",
    "SecretName": "example_org_domain_key"
}] 

Now, I would like to translate the following Docker Swarm CLI command into API calls:

docker service create --secret source=wall_1_pass,target=wallet_password

What values should I put in the Secrets array parameters to achieve this through the API?


There are 1 answers

Chris Becke On

If you have used AWS or K8s or HashiCorp, you might be expecting a secret to be an array of key-value pairs.

Docker swarm secrets are simply strings of text that are mounted as files.

To create a secret - assuming you do have a JSON file containing your secret material:

docker secret create my-secret ./my-secrets.json

Then, when using the secret it will be mounted - as a file - at /var/run/secrets/secret-name

e.g.

docker service create --name secret-test --secret my-secret alpine cat /run/secrets/my-secret
docker service logs secret-test
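
The question's `--secret source=wall_1_pass,target=wallet_password` mapped onto a `Secrets` entry (placed under `TaskTemplate.ContainerSpec.Secrets` in the service spec), as an added example that is not part of the original question or answer. `parseSecretFlag`, `toSecretReference` and the sample IDs are hypothetical names and constructed data; the uid, gid and mode defaults follow what the docker CLI applies, and reading `mode` as octal digits is this example's assumption.

```javascript
// Added example: map one `--secret` CLI value to a Secrets entry.
// Defaults the docker CLI applies when uid, gid and mode are omitted.
const DEFAULTS = { UID: "0", GID: "0", Mode: 0o444 };

// Parse "source=wall_1_pass,target=wallet_password" or a bare "my-secret".
function parseSecretFlag(value) {
  const opts = {};
  if (!value.includes("=")) {
    opts.source = value;
  } else {
    for (const field of value.split(",")) {
      const idx = field.indexOf("=");
      if (idx < 1) throw new Error(`invalid field: ${field}`);
      opts[field.slice(0, idx).trim().toLowerCase()] = field.slice(idx + 1).trim();
    }
  }
  const source = opts.source || opts.src;
  if (!source) throw new Error("source is required");
  // The file name under /run/secrets defaults to the secret's own name.
  return { ...opts, source, target: opts.target || source };
}

// `secrets` has the shape returned by GET /secrets
// (with dockerode: await docker.listSecrets()).
function toSecretReference(flagValue, secrets) {
  const f = parseSecretFlag(flagValue);
  // Exact name match; a missing secret is an error, not a silent skip.
  const match = secrets.find((s) => s.Spec && s.Spec.Name === f.source);
  if (!match) throw new Error(`secret not found: ${f.source}`);
  // Assumption of this example: mode is given as octal digits, e.g. 0400.
  const mode = f.mode === undefined ? DEFAULTS.Mode : parseInt(f.mode, 8);
  if (Number.isNaN(mode)) throw new Error(`invalid mode: ${f.mode}`);
  return {
    File: { Name: f.target, UID: f.uid || DEFAULTS.UID, GID: f.gid || DEFAULTS.GID, Mode: mode },
    SecretID: match.ID, // the API needs the ID, the CLI resolves it from the name
    SecretName: f.source,
  };
}

// Constructed sample data; the IDs are placeholders, not real secret IDs.
const sampleSecrets = [
  { ID: "placeholder-id-0001", Spec: { Name: "wall_1_pass" } },
  { ID: "placeholder-id-0002", Spec: { Name: "wall_1_pass_old" } },
];
const ref = toSecretReference("source=wall_1_pass,target=wallet_password", sampleSecrets);
console.log(JSON.stringify({ Secrets: [ref] }, null, 2));
```

`Mode` is sent as a decimal integer, which is why the documentation sample in the question shows 384 for octal 0600.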