Volumes - persistent data storage - what are they and how to use them
Docker - Overview and how to use it
2 min read
This section is 2 min read, full guide is 45 min read
Published Jul 13 2025
12
Show sections list
0
Log in to enable the "Like" button
0
Guide comments
0
Log in to enable the "Save" button
Respond to this guide
Guide Sections
Guide Comments
CLIContainersDevOpsDockerImagesNetworksVolumes
A Docker volume is a persistent storage mechanism managed by Docker that allows data to persist outside the container’s writable layer. Volumes are stored on the host file system, and can be shared across containers.
Why Use Volumes?
- Persistent data: Survives container restarts and removal.
- Isolation: Data is decoupled from the container image.
- Sharing: Volumes can be mounted into multiple containers.
- Performance: Better performance than bind mounts in most cases.
- Portability: Easily managed via Docker CLI and Docker Compose.
Volume types
- Named volume - Created and managed by Docker, stored under
/var/lib/docker/volumes/. Ideal for production use. - Anonymous volume - Not given a specific name. Automatically created and harder to manage (used when just mounting a directory).
- Bind mount - Mounts a specific path from the host into the container. More manual and less portable than volumes.
Creating and Mounting Volumes
CLI Example:
docker volume create mydata
docker run -v mydata:/app/data my-image
Copy to Clipboard
Compose example:
services:
web:
image: my-image
volumes:
- mydata:/app/data
volumes:
mydata:
Copy to Clipboard
Are Volumes Encrypted?
By default, Docker volumes are not encrypted.
If You Need Encryption:
- Use file system-level encryption on the Docker host (e.g., LUKS or eCryptfs on Linux).
- Or, mount an encrypted file system inside the container.
- Or, use external storage drivers that support encryption (e.g., cloud volume plugins).
Volume Security Considerations
- Volumes are shared on the host, so ensure only trusted containers/users have access.
- No built-in volume encryption or access control.
- Avoid mounting sensitive directories via bind mounts (e.g.,
/etc,/root). - Use read-only mounts if a container only needs to read data:
docker run -v mydata:/data:ro my-image
Copy to Clipboard
Create a volume
docker volume create [name]
Copy to Clipboard
List volumes
docker volume ls
Copy to Clipboard
Inspecting a volume
docker volume inspect mydata
Copy to Clipboard
You’ll get metadata like:
[
{
"Name": "mydata",
"Mountpoint": "/var/lib/docker/volumes/mydata/_data",
"Driver": "local"
}
]
Removing volumes
Remove unused volume:
docker volume rm [name]
Copy to Clipboard
Remove all unused volumes:
docker volume prune
Copy to Clipboard
Volumes vs bind mounts
Feature | Volume | Bind mount |
Managed by Docker | Yes | No (managed manually) |
Stored under Docker dir | Yes ( | Uses arbitrary host path |
Backups supported | Easily | Manual |
Security | More secure | Host path exposure |
Portability | More portable | Host-specific |
Products from our shop
Docker Cheat Sheet - Print at Home Designs
Docker Cheat Sheet Mouse Mat
Docker Cheat Sheet Travel Mug
Docker Cheat Sheet Mug
Vim Cheat Sheet - Print at Home Designs
Vim Cheat Sheet Mouse Mat
Vim Cheat Sheet Travel Mug
Vim Cheat Sheet Mug
SimpleSteps.guide branded Travel Mug
Developer Excuse Javascript - Travel Mug
Developer Excuse Javascript Embroidered T-Shirt - Dark
Developer Excuse Javascript Embroidered T-Shirt - Light
Developer Excuse Javascript Mug - White
Developer Excuse Javascript Mug - Black
SimpleSteps.guide branded stainless steel water bottle
Developer Excuse Javascript Hoodie - Light
