Emmanuel Frécon
by Emmanuel Frécon
1 min read

As my PR has now been merged, the latest official Grafana Docker image (still in beta) has now support for Docker secrets. Using this version, you should be able to write stack files similar to the following (shortened) one, provided you have the password for the main administation user stored in the file at config/grafana/admin.pwd.

version: '3.3'

services:
  grafana:
    image: grafana/grafana:5.2.0-beta1
    environment:
      - GF_SECURITY_ADMIN_PASSWORD_FILE=/run/secrets/admin.pwd
    deploy:
      restart_policy:
        delay: 10s
        max_attempts: 10
        window: 60s
      replicas: 1
    logging:
      driver: "json-file"
      options:
        max-size: "1m"
        max-file: "10"
    healthcheck:
      test: curl --fail http://localhost:3000/ || exit 1
      interval: 1m
      timeout: 10s
      retries: 3
    secrets:
      -
        source: admin-passwd
        target: /run/secrets/admin.pwd
        mode: 0444

secrets:
  admin-passwd:
    file: config/grafana/admin.pwd

For any environment variable that starts with GF_ and ends with _FILE, the Grafana Docker image will read the content of the file that it points at and arrange for the environment variable with the same name but without the trailing _FILE to be set before the main grafana process is started. Using a trailing _FILE is in line with other official images such as postgres or wordpress for example.