0

Im want to paste environment variables, which contain passwords for AWS services, through the docker-compose command.

Tried to find a solution, but i find only answers suggesting to use the .env file. This isnt a solution for me, as the file will still contain sensitive informations and will be pushed to git.

One part of the docker-compose.yml looks like this:

example.server:
image: ${DOCKER_REGISTRY-}exampleserver
container_name: exampleserver
build:
  context: ..
  dockerfile: src/Web/Example.Server/Dockerfile
  args:
    ARTIFACTORY_USERNAME: ARTIFACTORY_USERNAME
    ARTIFACTORY_PASSWORD: ARTIFACTORY_PASSWORD

We paste the artifactory args through the docker-compose command line:

docker-compose --profile test build --build-arg ARTIFACTORY_USERNAME="some username" --build-arg ARTIFACTORY_PASSWORD="some password"

Now i added the environments to the yml file:

example.server:
image: ${DOCKER_REGISTRY-}exampleserver
container_name: exampleserver
build:
  context: ..
  dockerfile: src/Web/Example.Server/Dockerfile
  args:
    ARTIFACTORY_USERNAME: ARTIFACTORY_USERNAME
    ARTIFACTORY_PASSWORD: ARTIFACTORY_PASSWORD
environment:
    - AWSKey=someKey
    - AWSBucketName=someName
    - AWSSecretKey=someSecretKey

This works. The environment variables can be seen in example.server when docker has build the image.

But as the keys are hardcoded inside the docker-compose.yml, i want to paste them through the docker-compose command. The same way, we are pasting the password for the artifactory.

Is it possible?

Improve this question
3
  • Do the answers to What is the best way to pass AWS credentials to a Docker container? help you? This includes an example of passing through environment variables from the host, and I think this shorter syntax also works in Compose. You should do something similar with your Artifactory credentials – do not compromise them by publishing them in your image. Commented Mar 9, 2023 at 13:50
  • @DavidMaze thanks. I already had a look at the answers from the first two links before. The syntax -e, which you mention in your third link, does not work in docker-compose command. Also tried it. Commented Mar 9, 2023 at 14:11
  • Not the docker run -e option per se, but you can put a variable name with no value in an environment: list and it will be passed through from the host. Commented Mar 9, 2023 at 14:28

1 Answer 1

Reset to default
0

This is working:

example.server:
image: ${DOCKER_REGISTRY-}exampleserver
container_name: exampleserver
build:
  context: ..
  dockerfile: src/Web/Example.Server/Dockerfile
  args:
    ARTIFACTORY_USERNAME: ARTIFACTORY_USERNAME
    ARTIFACTORY_PASSWORD: ARTIFACTORY_PASSWORD
environment:
  - AWSKey
  - AWSBucketName=SomeAWSBucketName
  - AWSSecretKey

The BucketName value is not sensitive information so i added it directly to the Docker-Compose.yml file. For the other 2 environments im using this command:

docker-compose --profile test build --build-arg ARTIFACTORY_USERNAME="SOME USERNAMER" --build-arg ARTIFACTORY_PASSWORD="SOME PASSWORD"  --build-arg AWSAccessKey="SOME AWSACCESSKEY" --build-arg AWSSecretAccessKey="SOME AWSSECRETACCESSKEY"  --build-arg LOCAL_CONTAINERS=True
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.