Skip to content

docs: fix misleading secrets long syntax target description#25038

Open
mohithshuka wants to merge 5 commits into
docker:mainfrom
mohithshuka:fix/secrets-long-syntax-target-description
Open

docs: fix misleading secrets long syntax target description#25038
mohithshuka wants to merge 5 commits into
docker:mainfrom
mohithshuka:fix/secrets-long-syntax-target-description

Conversation

@mohithshuka
Copy link
Copy Markdown
Contributor

@mohithshuka mohithshuka commented May 12, 2026

What changed

Removed the incorrect claim that target in the secrets long syntax
accepts an absolute path for an alternate mount location.

Why

The target field only accepts a filename, which gets mounted under
/run/secrets/<target>. Specifying an absolute path is a Docker Swarm
feature and is not supported in Docker Compose standalone. This
was misleading users into thinking they could mount secrets at arbitrary
paths in Compose.

Related issue

Fixes #25035

mohithshuka and others added 5 commits March 19, 2026 16:29
@mohithshuka
docs: add concept diagrams to what-is-a-container page
e45c54b 
Closes docker#23256

- Added container architecture diagram showing isolated containers
  sharing the host OS kernel
- Added containers vs VMs comparison diagram highlighting the
  absence of a Guest OS in containers
fix: correct chown argument order in Compose lifecycle hooks example
8b2ce2a 
The post_start example had chown arguments in wrong order.
Correct syntax is: chown -R [owner:group] [path]

Fixes docker#24853
fix(compose): use CMD-SHELL with || exit 1 in healthcheck examples
008eaf6 
The previous examples used CMD (exec form) with curl but without
|| exit 1. Since CMD uses exec format, shell operators like || are
not available, meaning a non-zero curl exit code may not correctly
propagate as unhealthy. CMD-SHELL runs via /bin/sh so || exit 1
works as expected.

Fixes docker#23077
revert: remove unrelated lifecycle and diagram changes from PR scope
8ce7ace
docs: fix misleading secrets long syntax target description
a4e8843 
The target field description incorrectly stated that an absolute path
could be used for an alternate location. This is a Swarm-only feature
and is not supported in Docker Compose standalone.

Fixes docker#25035
Copilot AI review requested due to automatic review settings May 12, 2026 12:24
@netlify
Copy link
Copy Markdown

netlify Bot commented May 12, 2026
edited
Loading

Deploy Preview for docsdocker ready!

Name Link
🔨 Latest commit a4e8843
🔍 Latest deploy log https://app.netlify.com/projects/docsdocker/deploys/6a031bfded102a000899b91b
😎 Deploy Preview https://deploy-preview-25038--docsdocker.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@github-actions github-actions Bot added area/compose Relates to docker-compose.yml spec or docker-compose binary area/get-started Relates to get started and onboarding docs labels May 12, 2026
Copilot AI reviewed May 12, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates Docker documentation to correct an inaccurate statement about Compose secrets long syntax, and also includes additional doc edits in unrelated sections.

Changes:

  • Remove the claim that secrets.target supports absolute paths in the services reference.
  • Update healthcheck.test examples to use CMD-SHELL with an explicit || exit 1.
  • Add two conceptual diagrams to the “What is a container?” get-started page.

Reviewed changes

Copilot reviewed 2 out of 4 changed files in this pull request and generated 2 comments.

File Description
content/reference/compose-file/services.md Adjusts secrets long-syntax target description; updates healthcheck example commands.
content/get-started/docker-concepts/the-basics/what-is-a-container.md Adds architecture/comparison diagrams to support conceptual explanation.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread content/reference/compose-file/services.md
```yml
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost"]
test: ["CMD-SHELL", "curl -f http://localhost || exit 1"]
Comment thread content/reference/compose-file/services.md
Comment on lines 1923 to 1926
- `source`: The name of the secret as it exists on the platform.
- `target`: The name of the file to be mounted in `/run/secrets/` in the
service's task container, or absolute path of the file if an alternate location is required. Defaults to `source` if not specified.
service's task container. Defaults to `source` if not specified.
- `uid` and `gid`: The numeric uid or gid that owns the file within
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

area/compose Relates to docker-compose.yml spec or docker-compose binary area/get-started Relates to get started and onboarding docs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Misleading example in Secrets Long Syntax

2 participants

@mohithshuka