If you want security then lock-down your docker daemon. I use my docker daemon behind a Firewall through which I allow only a very few ports or ports that required SSH with a Private Key. Ansible, which I also use, is no more secure than whatever key gets used with your sshd_config. (You can configure SSH to allow only certain users to login and you can monitor the login activity and block whatever is not considered kosher.) My assertion is this: Docker is more useful than Ansible and Docker is more powerful than Ansible and Docker is easier to use than Ansible. Security does not come into the picture because “Security = Security”. What makes Ansible “secure” also makes the Docker Daemon “secure”. Also when I use Docker in line with my article I am doing so via SSH, so this is “secure”. Also consider this, my Ansible scripts have “root” permissions even though I have configured SSH on every end-point to disallow “root” logins. How can Ansible run as “root”? This seems unsecure to me. I installed Ansible as “root” but this should not give Ansible “root” permissions because Ansible is supposed to use SSH and nobody should be able to login to any of my Ansible end-points as “root”. Again, this seems less than secure to me. Docker, on the other hand, allows any Docker Container in which “root” permissions are assumed to gain “root” access in the host because the Docker Daemon is running as “root”? Again, no more of less “secure” than Ansible but perhaps more useful.