portainer_datavolume created during installation. This database can be encrypted for additional security through the use of a secret provided when the Portainer Server is started. Encryption can be added during the initial installation or at a later date.
/root/secrets/portainer_key. In this file enter a secret. This will be the key used to encrypt the Portainer database.
docker runcommand that mounts your secret in
docker runcommand may look like this:
This is a secretwith your secret. This will create a secret named
portainer_key, which will be the key used to encrypt the Portainer database.
portainer_keysecret created earlier. With the secret added, your full
portainerservice definition may look like this:
IAmASecretKeywith your secret. This will create a secret named
portainer-key, which will be the key used to encrypt the Portainer database.
containerdefinition for the
portainercontainer. It should look something like this:
volumeMountssection, add a definition for the secret created earlier:
volumesdefinition for the
portainer.yamlwith the name of your modified YAML file.