locket 0.12.0-rc0

---
name: demo
services:
  locket:
    user: "1000:1000" #default is 65532:65532 if not provided
    image: ghcr.io/bpbradley/locket:latest
    security_opt:
      - no-new-privileges:true
    cap_drop:
      - ALL
    secrets:
      - op_token
    command:
      - "--provider=op-connect"
      - "--log-level=debug"
      - "--mode=park"
      - "--connect.token-file=/run/secrets/op_token"
      - "--secret=test_secret=op://Mordin/SecretPassword/password"
    environment:
      OP_CONNECT_HOST: $OP_CONNECT_HOST
    volumes:
      - ./secrets/templates:/templates:ro
      - secrets-store:/run/secrets
  demo:
    image: busybox
    user: "1000:1000"
    command: ["cat", "/run/secrets/test_secret"]
    depends_on:
      locket:
        condition: service_healthy
    volumes:
      - secrets-store:/run/secrets
secrets:
  op_token:
    file: /etc/connect/token
volumes:
  secrets-store:
    driver: local
    driver_opts:
      type: tmpfs
      device: tmpfs
      o: uid=1000,gid=1000,mode=700