With the recent release of a preview version of SQL Server for Linux and Docker, Microsoft has made it relatively easy to run SQL Server on a non-Windows platform. For example, to install and run SQL Server v.Next on Docker, according to Microsoft’s directions, you would:
- Pull the Docker image from Docker Hub
- Run the Docker image using the following command
docker run -e 'ACCEPT_EULA=Y' -e 'SA_PASSWORD=<Strong!Passw0rd>' -p 1433:1433 -d microsoft/mssql-server-linux
The accepted practice for setting credentials in a stateless container is to use environment variables. You can see this in the -e parameter 'SA_PASSWORD=<Strong!Passw0rd>'.
The potential problem with this approach is that the SA credentials will appear in the bash history. Not only that, but the credentials will also show in the output of the ps command (used to list running processes). This effectively exposes the Super User account to any admin with access to the host machine.
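One way to keep the password out of both places is sketched below as an added example (not from Microsoft's directions or the original post). It writes the variables to an owner-only file for Docker's `--env-file` option and audits a history file for inline values; the function names and the env file path are illustrative assumptions.

```shell
#!/bin/sh
# Added example. Function names and file paths are hypothetical.

# Write the container environment to FILE with owner-only permissions.
# printf is a shell builtin, so the password never becomes a process argument.
write_sa_env_file() {   # usage: write_sa_env_file PASSWORD FILE
    ( umask 077
      rm -f "$2"
      printf 'ACCEPT_EULA=Y\nSA_PASSWORD=%s\n' "$1" > "$2" )
}

# Prompt without echo, then start the container from the env file.
# The password is read from the terminal, so it is not part of any
# command line that shell history or ps could record.
start_mssql() {         # usage: start_mssql ENV_FILE
    printf 'SA password: ' >&2
    stty -echo; IFS= read -r sa_pw; stty echo; printf '\n' >&2
    write_sa_env_file "$sa_pw" "$1"; unset sa_pw
    docker run --env-file "$1" -p 1433:1433 -d microsoft/mssql-server-linux
}

# Audit: list history lines (with line numbers) that carry an inline
# SA_PASSWORD value. Lines that pass only the variable name
# (-e SA_PASSWORD) or use --env-file are not reported.
find_inline_sa_password() {   # usage: find_inline_sa_password HISTORY_FILE
    grep -nE -e "(-e|--env)[ =]+['\"]?SA_PASSWORD=[^'\" ]" "$1"
}
```

The value is still readable by anyone who can read the env file or run `docker inspect` on the container, so access to both should be restricted.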
Be very careful as you evaluate this SQL Server preview to make sure you are installing SQL Server as securely as possible as you prepare for implementing this product in your production environment in the coming year.