
I'm working on a Docker image that bundles Apache with PHP7 and uses msmtp for Sendgrid integration. The reason I like msmtp is there is no separate running process so it bundles nicely without need for an SMTP container.

That said, the configuration for msmtp looks like this:

```
account sendgrid
host smtp.sendgrid.net
port 587
auth on
user apikey
password YOUR_API_KEY
from FROM@YOURDOMAIN.TLD
```

Ideally, the file will be all there with the values for YOUR_API_KEY and FROM@YOURDOMAIN.TLD somehow passed to the container at runtime.

Now I'm considering options for how to go about writing my Dockerfile... The fact that I intend to run the container inside a pod on Kubernetes on Google Cloud Platform might impact this decision.

I've found out about things such as build time args (ARG), environment variables (ENV) and the like, in this great article.

It looks like build args would be a poor choice here based on the warning from the Docker docs:

> Warning: It is not recommended to use build-time variables for passing secrets like github keys, user credentials etc. Build-time variable values are visible to any user of the image with the docker history command.

Given all of this, what's the best approach to create an image that will allow the credentials to be passed at runtime? I also still need to figure out a way to pass those arguments into the file when the container starts... Or should I forget all of this and just COPY the msmtp config in its entirety for each client? That sounds a bit disastrous!

quickshiftin
  • https://kubernetes.io/docs/concepts/configuration/secret/ – Michael Hampton Mar 29 '18 at 20:20
  • Thanks @MichaelHampton ! I remembered reading this before, but memory was hazy and google-foo was failing me... – quickshiftin Mar 29 '18 at 20:29
  • It looks like I can handle the latter part via a [`ConfigMap`](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/). Essentially template the msmtp file w/ a ConfigMap that references the credentials via mounted Secrets... Crazy stuff. – quickshiftin Mar 29 '18 at 22:12

0 Answers
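
The approach sketched in the comments above, as an added example that is not part of the original post: an entrypoint helper that writes the msmtp config at container start from a Kubernetes Secret mounted as files, so no credential is baked into an image layer. The mount layout (files `api_key` and `from` in one directory) and the function name `render_msmtprc` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed layout (hypothetical): the Secret is mounted as a directory that
# holds one file per key, "api_key" and "from".

# render_msmtprc SECRET_DIR OUT_FILE
render_msmtprc() {
    secret_dir=$1
    out_file=$2

    # Fail closed if a key is missing or empty, so the container does not
    # start with a half-written mail configuration.
    for key in api_key from; do
        if [ ! -s "$secret_dir/$key" ]; then
            echo "missing or empty secret file: $secret_dir/$key" >&2
            return 1
        fi
    done

    # $(...) strips the trailing newline that usually ends a secret file.
    api_key=$(cat "$secret_dir/api_key")
    from_addr=$(cat "$secret_dir/from")

    # A value with an embedded newline would add extra msmtp directives.
    case "$api_key$from_addr" in
        *"
"*) echo "secret values must be a single line" >&2; return 1 ;;
    esac

    # Remove any old file, then create the new one with mode 0600 before
    # the API key is written into it.
    rm -f "$out_file"
    ( umask 077
      cat > "$out_file" <<EOF
account sendgrid
host smtp.sendgrid.net
port 587
auth on
user apikey
password $api_key
from $from_addr
EOF
    )
}
```

Call it from the image's entrypoint before starting Apache, for example `render_msmtprc /etc/msmtp-secret /etc/msmtprc` (both paths hypothetical). The output file is created with mode 0600, so it has to be written by, or handed over to, the user that runs msmtp.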