Skip to main content

CV-M005: Undefined secret reference

Error Semantic

Why This Matters

A service references a secret that is not defined in the top-level secrets section. Docker Compose requires all secrets used by services to be declared at the top level with either a file path or an external flag. Without a matching top-level declaration, Compose will fail at startup with a "secret not found" error.

How to Fix

Define the referenced secret in the top-level secrets section.

Before (incorrect)

services:
  web:
    secrets:
      - db_password
# No top-level secrets defined

After (correct)

services:
  web:
    secrets:
      - db_password
secrets:
  db_password:
    file: ./secrets/db_password.txt

Rule Details

Rule Code
CV-M005
Severity
Error
Category
Semantic

Related Rules

CV-M001 Error

Duplicate exported host ports
CV-M002 Error

Circular depends_on chain
CV-M003 Error

Undefined network reference
CV-M004 Error

Undefined volume reference
CV-M006 Error

Undefined config reference