When working in development, we usually don't have a local swarm on our machine. But secrets only work in a swarm. So, what can we do? Well, luckily it is really simple. Due to the fact that secrets are treated as files, we can easily mount a volume that contains the secrets into the container to the expected location, which by default is at /run/secrets.
Assume that we have a folder ./dev-secrets on our local workstation. For each secret, we have a file called the same way as the secret name and with the un-encrypted value of the secret as content of the file. For example, we can simulate a secret called demo-secret with a secret value demo secret value by executing the following command on our workstation:
$ echo "demo secret value" > ./dev-secrets/sample-secret
We can then create a container that mounts this folder like this:
$ docker container run -d --name whoami \
-p 8000:8000 \
-v $(pwd)/dev-secrets:/run/secrets \
fundamentalsofdocker/whoami:latest
And the process running inside the container will not be able to distinguish these mounted files from ones originating from a secret. So, for example, the demo-secret is available as file /run/secrets/demo-secret inside the container and has the expected value demo secret value.
To test this, we can exec a shell inside the preceding container:
$ docker container exec -it whoami /bin/bash
And then navigate to the folder, /run/secrets and display the content of the file demo-secret:
/# cd /run/secrets
/# cat demo-secret
demo secret value