Docker Introduces Secrets Management

Docker's latest update helps enterprise customers protect their secrets.

An update released Thursday for Docker Datacenter, the container-tech pioneer's commercial offering, implements a container-native framework for controlling access to sensitive information like API keys, encryption keys and passwords, along with a security scanning feature that can detect vulnerabilities and bugs.

The new feature for managing access-control secrets, architected to facilitate large container deployments, can deliver those protected pieces of information to specific, authorized containers in a cluster.

[Related: Get On Board: Docker's Channel Maturity Unlocks The Container Tech Opportunity]

Secrets management makes it easier to secure applications for all teams that participate in the DevOps lifecycle, according to Docker.

Will Kinard, CTO of BoxBoat, a Docker partner based in Washington, D.C., told CRN the password-protection capabilities make it possible for partners to offer enterprises secure end-to-end solutions through container deployments. Before it was necessary to use third-party tools that could expose secrets to prying eyes, he said.

"This is providing access to secrets to the containers that need it, and depriving it to containers that don’t," Kinard said. "This was a challenge before it was built into the platform. We had to pass in passwords in the clear without encryption."

The repository of secret credentials is integrated directly into the Docker Swarm cluster orchestrator, storing encrypted key-value pairs—login credentials, private keys, database passwords—that can be accessed by the proper containerized applications, like a web application that needs to glean information from a database.

Docker, in its latest Datacenter release, also introduced a new security feature that can scan Docker images and cross-check them against databases of malicious code.

That feature can identify potential security vulnerabilities, as well as less malicious bugs, Kinard said.

The secrets management and scanning capabilities address key concerns for enterprise customers, he told CRN.

Even those "new to Docker still bring it up and ask about these types of features," Kinard said. "It's very important for partners to be able to market these types of capabilities."

Docker launched its first formal channel program last year around Datacenter, its first commercial product that delivers what the startup describes as Containers-as-a-Service to enterprise customers.