START HERE

Get Running in 5 Minutes

Six steps from installation to your first rotation. Docker Compose users can be productive immediately.

1

Install DSO

Get the DSO binary on your system

bash
curl -fsSL https://raw.githubusercontent.com/docker-secret-operator/dso/main/scripts/install.sh | bash
2

Create docker-compose.yml

Define your application with health checks

bash
version: '3.8' services: app: image: myapp:latest environment: - DB_PASSWORD=${DB_PASSWORD} healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8080/health"] interval: 5s
3

Create dso.yaml

Configure DSO for your application

bash
vault: type: local path: ~/.dso/vault.enc services: - name: app container: app secrets: - DB_PASSWORD healthChecks: enabled: true timeout: 30s
4

Initialize vault

Create encrypted local vault and set passphrase

bash
dso init
5

Add your first secret

Store a secret safely

bash
dso secret set DB_PASSWORD "your-database-password"
6

Run with DSO

Start your application with automatic secret rotation

bash
dso up -f docker-compose.yml

What's Next?

Configure a provider: AWS, Azure, Vault, or local vault
Enable health checks: Ensure safe rotation validation
Test rotation: Verify secrets update without downtime
Deploy to production: Apply to your real workloads

Common Scenarios

Jump to what you need. Each scenario guides you to the right documentation.

Database Credentials

Rotate database passwords without restart

Docs: Providers → Configure your database provider

API Keys

Keep API keys fresh and update automatically

Docs: Operations → Set up health checks for API endpoints

TLS Certificates

Update SSL certificates before expiration

Docs: Architecture → Understand validation flow

Recovery After Failure

Recover automatically from crashes and errors

Docs: Operations → Troubleshooting guide