Simple Secrets Manager ships as a single unified image that contains:
- backend API (Flask) on port
5000 - frontend admin console (served by Nginx) on port
8080 - reverse proxy from
http://<host>:8080/apito backend
Primary registry:
ghcr.io/bearlike/simple-secrets-manager
Tag strategy from CI (.github/workflows/ci.yml):
- default branch push:
latest+ short SHA tag - branch push: branch-ref tag + short SHA tag
- semantic tag push (
vX.Y.Z):X.Y.Z,X.Y,X, and tag-ref - manual dispatch: optional custom extra tag
Use the repository docker-compose.yml directly:
./scripts/deploy_stack.shOpen:
- frontend:
http://localhost:8080 - backend via proxy:
http://localhost:8080/api - backend direct:
http://localhost:5000/api
If using prebuilt images:
docker compose pull
docker compose up -dIf running from source and rebuilding locally:
git pull
./scripts/deploy_stack.shCLI from anywhere:
uv tool install git+https://github.com/bearlike/Simple-Secrets-Manager.git
uv tool update-shell
ssm-cli --helpvolumes:
mongo_data:
services:
mongo:
image: mongo:4
restart: always
environment:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: password
volumes:
- mongo_data:/data/db
ssm:
image: ghcr.io/bearlike/simple-secrets-manager:latest
restart: always
depends_on:
- mongo
ports:
- "8080:8080"
- "5000:5000"
environment:
CONNECTION_STRING: mongodb://root:password@mongo:27017
TOKEN_SALT: change-me
CORS_ORIGINS: http://localhost:8080,http://127.0.0.1:8080,http://localhost:5000,http://127.0.0.1:5000
BIND_HOST: 0.0.0.0
PORT: 5000CONNECTION_STRING: MongoDB URI for backend storageTOKEN_SALT: token hashing saltCORS_ORIGINS: comma-separated origins for direct backend accessBIND_HOST: backend bind host (default0.0.0.0)PORT: backend port inside container (default5000)VITE_API_BASE_URL: build arg used by frontend build in Docker (default/api)