Portainer Documentation
Official WebsiteKnowledge BaseGet 5 Nodes of BE Free
Search…
BE 2.7
Welcome
Release Notes
Getting Started
Introduction
Portainer architecture
Requirements and prerequisites
Install Portainer BE
Upgrading Portainer
Using Portainer
Docker/Swarm
Dashboard
App Templates
Stacks
Services
Containers
Images
Networks
Volumes
Configs
Secrets
Add a secret
Remove a secret
Events
Host
Swarm
Kubernetes
Azure ACI
Edge Compute
Administering Portainer
Users
Endpoints
Registries
Licenses
Authentication logs
Settings
Frequently Asked Questions
Portainer Concepts
Installing
Upgrading
Troubleshooting
Contributing
Advanced Topics
CLI configuration options
App templates
The Portainer Edge Agent
Access control
Reset the admin user's password
Security and compliance
Using SSL with Portainer
Using Portainer with reverse proxies
Helm chart configuration options
Kubernetes roles and bindings
Deprecated and removed features
API
API documentation
API usage examples
Get More Help
YouTube
Open a support request
Contribute to Portainer
Contribute
Powered By GitBook
Secrets
The Secrets menu is only available to Docker Swarm endpoints.
A secret is a blob of data, such as a password, SSH private key, SSL certificate, or another piece of data that should not be transmitted over a network, stored unencrypted in a Dockerfile, or stored in your application’s source code. In Docker 1.13 and later, you can use Docker Secrets to centrally manage this data and securely transmit it only to those containers that need access to it.
Secrets are encrypted during transit and at rest in a Docker Swarm. A given secret is only accessible to those services which have been granted explicit access to it, and only while those service tasks are running.
You can use secrets to manage any sensitive data that a container needs at runtime, but you don’t want to store in the image or in source control, such as:
  • Usernames and passwords.
  • TLS certificates and keys.
  • SSH keys.
  • Other important data such as the name of a database or internal server.
  • Generic strings or binary content (up to 500Kb in size).
For less sensitive data or larger content, see configs.
In Portainer you can add and remove secrets for use in deployments.
Previous
Remove a config
Next
Add a secret
Last modified 10mo ago
Copy link
Edit on GitHub