You may have already read about Habitus, our open source project or attended one of the meetups we hosted in New York, San Francisco, Boston and London where Khash spoke about the project in more detail.
After receiving some great feedback from developers using the tool, we wanted to find a way to share the project with other Devs looking for Docker build flow solutions. So today, we're excited to announce that Habitus has been launched on Product Hunt.
What is Habitus and what problem does it solve?
For anyone not familiar with the project, Habitus is an open source, standalone build flow tool for creating Docker images based on their Dockerfile and a build.yml.
It helps developers combine multiple Dockerfiles into complex build and deployment workflows. It also helps with managing secrets like SSH keys inside built images
How do developers benefit from using Habitus?
There are a couple of different ways you can use Habitus.
If you’re into building Docker images, you’ll know that creating a Docker file is pretty straightforward. You create a base image, layer a bunch of things on top of it and then you’re good to go. But what if you have more complex build requirements?
Take the example of an app written in Go: it lives in a container and serves content to visitors based on the latest trending hashtags on Twitter. To get this app into a container, you need to build it with Go compile time libraries. This makes the image large, increasing the attack surface of your service.
Habitus solves this issue by compiling your Go app in one container with all compile-time dependencies, and then moves the compiled build artefacts to another smaller image with only the minimum packages required to run it.
In another scenario where you want to pull code from a private git repository, you’ll need a solution for how you provide access to your private SSH key during image build.
As a layer in your docker file, this requires an ‘add’ command in the docker file to include the SSH private key. But by doing that, you’ll end up exposing your SSH key for the world to see. the You need to take that layer out, or have a different method to pull your secrets from elsewhere. By using Habitus, the web server only exposes your secrets to the internal Docker network of your machine, and only for the duration of the build. No traces of your secrets are left behind in the image.
Check it out and let us know what you think
If you haven't yet had an opportunity to check out Habitus on Product Hunt, please get involved and let other Product Hunters know what you think.