> For the complete documentation index, see [llms.txt](https://42-guide.gitbook.io/42-guide/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://42-guide.gitbook.io/42-guide/docker/volumes.md). # Volumes What are Docker Volumes? * Docker volumes are a way to store data **outside the container’s lifecycle**. * Think of volumes as a "USB drive" that you can plug into your container. The data is saved even if the container is deleted. *** #### **Why Use Volumes?** 1. Containers are **temporary**. If you delete a container, everything inside it is gone. 2. Volumes let you keep important data safe and separate from the container. *** #### **Key Steps Explained** **1. Create a Volume** ```bash docker volume create mydata ``` * This creates a volume named `mydata`. * It’s like creating a folder on your computer specifically for storing data. *** **2. Attach the Volume to a Container** ```bash docker run -d -v mydata:/app/data nginx ``` * **`-v mydata:/app/data`** means: * **`mydata`**: The volume name you created. * **`/app/data`**: The folder inside the container where the data will be accessible. * Now, any file saved to `/app/data` inside the container is actually stored in the `mydata` volume (outside the container). *** **3. Check Your Volumes** ```bash docker volume ls ``` * Shows all volumes currently available. ```bash docker volume inspect mydata ``` * Gives details about where the volume’s data is stored on your computer. *** #### **What Happens If You Delete the Container?** * If you delete the container (e.g., `docker rm `), the data in the volume is **NOT deleted**. * The volume (`mydata`) is **independent of the container** and can be reused. **For example**: * Create a new container and attach `mydata` again, and you’ll find your data still there. ```bash docker run -d -v mydata:/app/data nginx ``` *** #### **What If You Want to Delete the Volume?** * If you no longer need the volume, you can manually delete it: ```bash docker volume rm mydata ``` * Warning: Deleting the volume removes all data inside it, so use it carefully! *** #### **In Summary:** * **Containers are temporary, but volumes persist.** * Data stored in volumes is safe even if the container is deleted. * You can reuse volumes by attaching them to new containers. *** **How to make Volumes secure ?** Docker volumes themselves don’t have built-in features for securing or password-protecting data. However, you can take several measures to make your volume and its data more secure. Here are some options: *** #### **1. Use File System Permissions** You can control access to the volume by setting permissions on the host machine where the volume data is stored. * **Find the volume path**: ```bash docker volume inspect mydata ``` This shows the path to the volume on your host machine. * **Set permissions**: Use file system tools like `chmod` and `chown` to control who can read/write to the volume directory. ```bash sudo chmod 700 /path/to/volume sudo chown your_user:your_group /path/to/volume ``` *** #### **2. Use Encrypted Filesystems** Store the volume data in an encrypted directory or partition on the host system. * On Linux, you can use tools like **LUKS** (Linux Unified Key Setup) to encrypt the filesystem where the Docker volumes are stored. * If you're on Windows or macOS, you can use tools like **BitLocker** or **FileVault** for encryption. *** #### **3. Restrict Access to the Volume via Docker** Run your containers with **user permissions** instead of root. This ensures that the container has limited access to the volume. Example: ```bash docker run -d -u 1001 -v mydata:/app/data nginx ``` * `-u 1001`: Runs the container as a specific user with limited permissions. *** #### **4. Use Docker Secrets (for Sensitive Data)** If you want to manage sensitive information (like passwords, keys, etc.), consider using **Docker Secrets** instead of volumes. Steps: 1. Create a secret: ```bash echo "my_secret_password" | docker secret create my_secret - ``` 2. Attach the secret to a service (works with Docker Swarm): ```bash docker service create --name myservice --secret my_secret nginx ``` Secrets are stored encrypted and only accessible to the container during runtime. *** #### **5. Use Encrypted Volumes with Third-Party Plugins** You can use volume drivers or plugins that support encryption. For example: * **`rexray/s3fs`**: Store and encrypt volumes in S3. * **`docker-volume-crypt`**: A third-party plugin for encrypted Docker volumes. Steps to use a plugin like `docker-volume-crypt`: 1. Install the plugin: ```bash docker plugin install vieux/docker-volume-crypt ``` 2. Create an encrypted volume: ```bash docker volume create --driver vieux/docker-volume-crypt --name secure_volume ``` *** #### **6. Network Security (if using remote volumes)** If your volumes are stored on remote systems (e.g., NFS or cloud storage), make sure: * Data is transferred over encrypted connections (e.g., TLS, VPN). * Access to the storage system is password-protected and firewalled. *** #### **In Summary** * Docker volumes don’t natively support passwords, but you can secure them by: * Using file system permissions or encryption. * Managing sensitive data with Docker Secrets. * Using third-party plugins for encryption. * Restricting container user access. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://42-guide.gitbook.io/42-guide/docker/volumes.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.