Pass Docker secret as parameter inside Sonar.properties

SonarQube 7.9.4 LTS
Docker version: 1.31.1
OS version: RHEL7.6

Step Performed:
I am have created docker secret named as SONAR_JDBC_PASSWORD
Command:
docker secret create SONAR_JDBC_PASSWORD /home/snrqubed/sonar-properties-dev/sonarqube_secret.txt

Once secret is created then I passed the secret inside docker-compose.yml
Sample code of docker-compose.yml file

version: “3.3”
services:
app:
image: “sonarqube:v1”
ports:
- “9005:9000”
environment:
SONAR_JDBC_PASSWORD: /run/secrets/SONAR_JDBC_PASSWORD
secrets:
- SONAR_JDBC_PASSWORD
container_name: sonarqube-container
user: snrqubed
tty: true
secrets:
SONAR_JDBC_PASSWORD:
file: /home/snrqubed/sonar-properties-dev/sonarqube_secret.txt

Then I run this command
docker-compose up -d

So my container is up and running and secret is passed under container at below path /run/secrets/SONAR_JDBC_PASSWORD

When I try to cat /run/secrets/SONAR_JDBC_PASSWORD I can see the password.

In Sonar.Properties file I have parameterised the password.
sonar.jdbc.password=${env:SONAR_JDBC_PASSWORD}

When I go inside the container and type printenv command I can see value of environment variable as below
SONAR_JDBC_PASSWORD=/run/secrets/SONAR_JDBC_PASSWORD

So my issue is why docker secret SONAR_JDBC_PASSWORD is not read by sonar.properties file.
I want to pass SONAR_JDBC_PASSWORD secret to sonar.properties file.

Your help will be much appreciated…

Hi Vilas,

In SonarQube 7.9.4 LTS the right environment variable names for our official Docker Image are: SONARQUBE_JDBC_USERNAME, SONARQUBE_JDBC_PASSWORD and SONARQUBE_JDBC_URL as you can see in our official Docker Image. Note: this was changed to SONAR_ in v8.2 for better Docker support.

If using the mechanism above, you absolutely do not need to catch and pass the environment variable value in the sonar.properties file (it will be overridden anyways).

Hope it’s clearer now, regards,
Daniel

1 Like