locket 0.17.3

---
name: demo
services:
    locket:
        user: "1000:1000" #default is 65532:65532 if not provided
        image: ghcr.io/bpbradley/locket:latest
        security_opt:
            - no-new-privileges:true
        cap_drop:
            - ALL
        secrets:
            - op_token
        command:
            - "--provider=op-connect"
            - "--log-level=debug"
            - "--mode=park"
            - "--connect-token=file:/run/secrets/op_token"
            - "--secret=test_secret=op://Mordin/SecretPassword/password"
        environment:
            OP_CONNECT_HOST: $OP_CONNECT_HOST
        volumes:
            - ./secrets/templates:/templates:ro
            - secrets-store:/run/secrets/locket
    demo:
        image: busybox
        user: "1000:1000"
        command: ["cat", "/run/secrets/locket/test_secret"]
        depends_on:
            locket:
                condition: service_healthy
        volumes:
            - secrets-store:/run/secrets/locket
secrets:
    op_token:
        file: /etc/connect/token
volumes:
    secrets-store:
        driver: local
        driver_opts:
            type: tmpfs
            device: tmpfs
            o: uid=1000,gid=1000,mode=700