-
Type:
Improvement
-
Resolution: Won't Fix
-
Priority:
Minor
-
Affects Version/s: COmanage Registry 3.2.4 (Oyster Pearl MR4)
-
Component/s: Packaging
-
None
Duncan Brown writes:
The containers make a copy of the certificates stored in the secret files, rather than using them directly. The reason is likely so that the various start.sh scripts can fix the ownership and permissions of these files. However, this means that to renew a cert the container must be stopped and restarted.
It is possible to set the permissions and ownership of a secret in the compose file. This currently works with stacks, but would require the use of stacks until secrets are implemented in the compose files until secrets are supported by compose docker/compose#6358
@skoranda I'm happy to implement this once docker/compose#6358 is fixed, if you agree.