For example I have a docker compose stack with a service and a db.
How do you handle the passwords? Is it better to store them in a .env file or is there something different entirely?
Also do the passwords have to be strong if the db is only available to the service through the docker network?
If the value is still passed as an environment variable in the end, it can be read via
/proc/:pid/environ
from another container or from the host if they are both using the same UID (or has--cap-add SYS_PTRACE
)Oh, didn't think about that. Well, at least it works.