Docker Pass vs Docker Secret: What Is the Difference? —…
    Neura MarketNeura Market/Stable Diffusion
    ChatGPTChatGPTClaudeClaudeGeminiGeminiCursorCursorGrokGrokPerplexityPerplexityStable DiffusionStable Diffusion
    DeepSeekDeepSeekCoPilotCoPilotMidjourneyMidjourney
    View All Directories
    OverviewPromptsBlogVideosGuidesCoursesCommunityModelsLoRAsComfyUI WorkflowsTrending
    Stable DiffusionBlogDocker Pass vs Docker Secret: What Is the Difference?
    Back to Blog
    Docker Pass vs Docker Secret: What Is the Difference?
    cli

    Docker Pass vs Docker Secret: What Is the Difference?

    Sujay Pillai June 9, 2026
    0 views

    If you have been working with Docker secrets locally, you may have noticed two commands that sound...

    If you have been working with Docker secrets locally, you may have noticed two commands that sound similar but behave very differently: docker pass and docker secret.

    At first glance, both appear to solve the same problem: keeping sensitive values such as API keys, tokens, and database passwords out of your source code. But they are designed for different environments and different workflows.

    The short version is this:

    docker pass is a local developer secret helper. docker secret is Docker Swarm's built-in runtime secret mechanism.

    Let's unpack the difference.

    What is docker pass?

    docker pass is a Docker CLI plugin for managing local secrets. It stores secrets in your local machine's keychain or secret store, then lets Docker inject those secrets into containers.

    A simple example:

    docker pass set GH_TOKEN=abc123
    

    Then you can pass that secret into a container:

    docker run -e GH_TOKEN= busybox env
    

    Or explicitly map a stored secret to a different environment variable name:

    docker run -e GITHUB_TOKEN=se://GH_TOKEN busybox env
    

    Conceptually, this flow looks like:

    local keychain -> docker pass -> container environment variable
    

    This makes docker pass useful for local development, demos, and developer workstations where you want to avoid putting secrets in shell history, .env files, or Compose files.

    What is docker secret?

    docker secret is Docker's built-in secret feature for Docker Swarm.

    You create a secret like this:

    printf "abc123" | docker secret create gh_token -
    

    Then attach it to a Swarm service:

    docker service create \
      --name demo \
      --secret gh_token \
      busybox \
      sleep 3600
    

    Inside the container, the secret is exposed as a file:

    /run/secrets/gh_token
    

    Conceptually, the flow is:

    Docker Swarm encrypted secret store -> service container file
    

    This is not meant for regular one-off docker run containers. It is designed for Swarm-managed services.

    Side-by-side comparison

    Areadocker passdocker secret
    Primary use caseLocal development secretsDocker Swarm service secrets
    Storage locationLocal OS keychain or local secret storeSwarm encrypted Raft store
    ScopeSingle developer machineSwarm cluster
    Works with docker runYesNot directly
    Works with Docker ComposeYes, with se://... references where supportedMostly with Swarm stack deployments
    Runtime exposureUsually environment variablesFiles under /run/secrets/...
    Best fitLocal dev and demosSwarm-based deployments

    The biggest practical difference

    If you are running containers like this:

    docker run ...
    

    then docker pass is usually the better fit.

    If you are running services like this:

    docker service create ...
    docker stack deploy ...
    

    then docker secret is the right Docker-native option.

    That distinction matters because docker secret depends on Swarm. If you are not using Swarm, you generally will not get much value from docker secret.

    Security considerations

    docker secret is usually safer at runtime because secrets are mounted as files rather than passed as environment variables. Environment variables can be easier to expose accidentally through logs, diagnostics, crash dumps, process inspection, or application telemetry.

    That does not mean docker pass is bad. It just means it is solving a different problem. It helps developers avoid hardcoding secrets locally, but once those secrets are injected as environment variables, your application still needs to treat them carefully.

    A good rule of thumb:

    • Use docker pass to improve local developer experience.
    • Use platform-native secret integration for production.
    • Avoid long-lived secrets in environment variables when a better runtime option exists.

    Which one should you choose?

    Use docker pass when:

    • You are working locally.
    • You use docker run or local Compose workflows.
    • You want to avoid storing secrets in plain-text files.
    • You want a lightweight way to inject secrets into containers.

    Use docker secret when:

    • You are using Docker Swarm.
    • You deploy services with docker service create or docker stack deploy.
    • You want secrets mounted as files under /run/secrets.
    • Your runtime is managed by Swarm.

    Final takeaway

    The names are similar, but the responsibilities are different.

    docker pass is about making local secret handling easier for developers. docker secret is about distributing secrets securely to Swarm services.

    And when you are running production workloads on Azure, Azure Key Vault and Managed Identity should be the preferred foundation.

    A simple mental model:

    Local Docker development: docker pass
    Docker Swarm services: docker secret
    Azure production workloads: Azure Key Vault + Managed Identity
    

    Choose the tool based on where the container is running, not just based on the word "secret" in the command name.

    Tags

    clidevopsdockersecurity

    Comments

    More Blog

    View all
    Context bankruptcy: The case for strategic forgetting for AI Agentsai

    Context bankruptcy: The case for strategic forgetting for AI Agents

    Most of us have seen a coding agent fail to complete a task we know it can do. We just don't...

    J
    James O'Reilly
    Parallel Compliance Engine: Drive-to-Sheets Multi-Agent Orchestrationgooglecloud

    Parallel Compliance Engine: Drive-to-Sheets Multi-Agent Orchestration

    When building Generative AI applications, developers often encounter a massive bottleneck: sequential...

    A
    Aryan Irani
    Is It Ethical to Post and Ask About Circuits on Dev.to?discuss

    Is It Ethical to Post and Ask About Circuits on Dev.to?

    I’ve been thinking about sharing some electronic circuit posts on Dev.to — small circuits, DIY...

    C
    codebunny20
    The One-Click Exporter: AI Studio Antigravity, Probed to Its Limitsagents

    The One-Click Exporter: AI Studio Antigravity, Probed to Its Limits

    What nobody tells you about exporting your multi-agent prototype to a local workspace. Every...

    L
    leslysandra
    Guarding the till while autonomous data agents do the diggingagenticarchitect

    Guarding the till while autonomous data agents do the digging

    Autonomous agents are genuinely good at answering messy business questions. Give one an LLM and a set...

    S
    Sireesha Pulipati
    Return on Attention: Why AI Code Reviews Are Wearing Us Outai

    Return on Attention: Why AI Code Reviews Are Wearing Us Out

    PR volume went up, ticket quality didn't, and the gap got filled with LLMs on both sides of the review: bots reviewing, bots replying, bots occasionally arguing with bots about priorities that only existed in a teammate's head. Our CEO named the actual problem, and it's bigger than code review.

    C
    christine

    Stay up to date

    Get the latest Stable Diffusion prompts, rules, and resources delivered to your inbox weekly.

    Neura Market LogoNeura Market

    Discover the best AI prompts, plugins, and resources for Stable Diffusion and more.

    Content Types

    • Rules
    • Prompts
    • MCPs
    • Agents
    • Guides

    Platforms

    • ChatGPT Directory
    • Claude Directory
    • Gemini Directory
    • Cursor Directory
    • Grok Directory
    • Perplexity Directory
    • DeepSeek Directory
    • CoPilot Directory
    • Stable Diffusion Directory
    • Midjourney Directory
    • All Directories

    Resources

    • Blog
    • Documentation
    • Help Center
    • Marketplace

    Legal

    • Privacy Policy
    • Terms of Service

    © 2026 Neura Market. All rights reserved.

    |

    Not affiliated with any AI platform vendors.

    Ready-made automations for this

    Workflows from the Neura Market marketplace related to this Stable Diffusion resource

    • Automate GitHub Releases with Telegram Commandsn8n · $18.86 · Related topic
    • Working with Excel Spreadsheet Files in N8Nn8n · $14.99 · Related topic
    • Automate Slack Commands with Sticky Notes and Webhook Integrationn8n · $9.99 · Related topic
    • Siri AI Agent: Enhance Your Voice Commands with AI Integrationn8n · $7.3 · Related topic
    Browse all workflows