Return-Path: X-Original-To: apmail-aurora-dev-archive@minotaur.apache.org Delivered-To: apmail-aurora-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 6934510E70 for ; Wed, 18 Feb 2015 22:06:36 +0000 (UTC) Received: (qmail 26548 invoked by uid 500); 18 Feb 2015 22:06:31 -0000 Delivered-To: apmail-aurora-dev-archive@aurora.apache.org Received: (qmail 26497 invoked by uid 500); 18 Feb 2015 22:06:31 -0000 Mailing-List: contact dev-help@aurora.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@aurora.incubator.apache.org Delivered-To: mailing list dev@aurora.incubator.apache.org Received: (qmail 26480 invoked by uid 99); 18 Feb 2015 22:06:31 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Feb 2015 22:06:31 +0000 X-ASF-Spam-Status: No, hits=-1997.8 required=5.0 tests=ALL_TRUSTED,HTML_MESSAGE,T_RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO mail.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with SMTP; Wed, 18 Feb 2015 22:06:29 +0000 Received: (qmail 25591 invoked by uid 99); 18 Feb 2015 22:06:09 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Feb 2015 22:06:09 +0000 Received: from mail-qc0-f169.google.com (mail-qc0-f169.google.com [209.85.216.169]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id 16AB91A02BD for ; Wed, 18 Feb 2015 22:06:09 +0000 (UTC) Received: by mail-qc0-f169.google.com with SMTP id m20so3417432qcx.0 for ; Wed, 18 Feb 2015 14:06:08 -0800 (PST) X-Gm-Message-State: ALoCoQlMHgDwMcsBcwDt0KlwfP+b6/UVOZZ8Ztj4vieTzI25Cfn3arzo/oR5AYWl3LZRSKNxJ3RZ MIME-Version: 1.0 X-Received: by 10.229.65.133 with SMTP id j5mr5646789qci.27.1424297168347; Wed, 18 Feb 2015 14:06:08 -0800 (PST) Received: by 10.229.139.195 with HTTP; Wed, 18 Feb 2015 14:06:08 -0800 (PST) In-Reply-To: References: Date: Wed, 18 Feb 2015 14:06:08 -0800 Message-ID: Subject: Re: Getting secure data into Docker containers From: Bill Farner To: "dev@aurora.incubator.apache.org" Content-Type: multipart/alternative; boundary=001a11339d1ec64ab1050f640665 X-Virus-Checked: Checked by ClamAV on apache.org --001a11339d1ec64ab1050f640665 Content-Type: text/plain; charset=UTF-8 Mounts is the most lo fi approach that comes to mind. I'd be in support of patches to satisfy (part of) AURORA-1107 to fulfill this need (which would hopefully be distinct from another perspective on AURORA-1107 in which end-users of Aurora can request arbitrary mounts). -=Bill On Wed, Feb 18, 2015 at 1:19 PM, Hussein Elgridly < hussein@broadinstitute.org> wrote: > Aurorans, > > We have some secure data (think login credentials) that we need to access > from inside a Docker container launched by Aurora. I'm trying to figure out > the best approach for getting them inside the container, since baking them > into the image is a can of worms I don't want to open. > > The ideal solution would be to put the creds on the Mesos slaves and then > mount them on the container, but Aurora doesn't have the means to do this > yet. If the answer is "wait a week and AURORA-1107 will be done", then > great; but if not, anyone have any ideas? > > Thanks, > Hussein Elgridly > Senior Software Engineer, DSDE > The Broad Institute of MIT and Harvard > --001a11339d1ec64ab1050f640665--