
I want to pass an environment variable in the docker compose up command, but as far as I can see it is only possible with the docker compose run command, as mentioned in the official documentation:

Set environment variables with docker compose run --env

Similar to docker run --env, you can set environment variables in a one-off container with docker compose run --env or its short form docker compose run -e:

docker compose run -e DEBUG=1 web python console.py

I am trying to integrate Spring Cloud Vault into a Spring Boot app and need to keep the Vault token secure without using k8, etc. For this purpose, when I run the application, I can pass the environment variable (vault_token variable), but I also need to pass this variable when I run docker compose, as shown below:

docker compose up -e vault_token=00000000-0000-0000-0000-000000000000 --build

So, how can I do this? Note that I do not want to read from a .env file and just want to pass it while running the command, for security reasons.

docker-compose.yml:

version: '3.8'

services:
  vault:
    container_name: vault
    image: vault
    restart: always
    environment:
      VAULT_DEV_LISTEN_ADDRESS: '0.0.0.0:8200'
#      VAULT_DEV_ROOT_TOKEN_ID: 00000000-0000-0000-0000-000000000000
      VAULT_DEV_ROOT_TOKEN_ID: ${vault_token}
    ports:
      - '8200:8200'
    volumes:
      - ./volumes/logs:/vault/logs
      - ./volumes/file:/vault/file
      - ./volumes/config:/vault/config
    cap_add:
      - IPC_LOCK

Note: I use Windows 11

2 Answers


  1. just pass while running the command for security reason

    This puts your token in your shell history, which should not be considered secure… Thus, why .env file would be preferred.

    But you could also use interpolation instead.

    environment:
      - MY_VARIABLE
    

    or

    environment:
      MY_VARIABLE: ${MY_VARIABLE}
    

    With

    MY_VARIABLE=foobar docker compose up
    

    or (assuming Linux)

    export MY_VARIABLE=foobar
    docker compose up
    

    Note that these also expose your token as plaintext in your terminal history, however. To work around this, you could source an external file, or wrap docker compose up in a script.


    If you were to use Kubernetes, however (or even, Nomad), then Vault secrets can be mounted as direct environment variables to containers, and therefore your code does not need to use Vault API directly, at all, therefore does not require a token.

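The "wrap docker compose up in a script" workaround from the answer above, as an added example that is not part of the original answer: the token is read from a file only its owner can access (or typed at a prompt with echo off) and exported only to the docker compose process. The script name, the token-file argument and the function names are assumptions, and a POSIX shell is assumed (on Windows, for example WSL or Git Bash).

```shell
#!/bin/sh
# Added example (not from the original answer): run "docker compose up" with
# vault_token set, without typing the token on a command line.
# Usage (hypothetical script name): ./compose-up.sh TOKEN_FILE | -

# Print the token in file $1; refuse files that group or others can access.
read_token_file() {
    [ -f "$1" ] || { echo "no such token file: $1" >&2; return 1; }
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group and other permission bits
    if [ "$perms" != "------" ]; then
        echo "refusing $1: accessible to group/others, chmod 600 it" >&2
        return 1
    fi
    token=
    IFS= read -r token < "$1" || :         # first line, newline stripped
    [ -n "$token" ] || { echo "empty token in $1" >&2; return 1; }
    printf '%s' "$token"
}

# Ask for the token on the terminal with echo switched off.
prompt_token() {
    printf 'Vault token: ' >&2
    trap 'stty echo; exit 130' INT TERM    # restore echo if interrupted
    stty -echo
    IFS= read -r token
    stty echo
    printf '\n' >&2
    [ -n "$token" ] || { echo "empty token" >&2; return 1; }
    printf '%s' "$token"
}

# $1 is a token file, or "-" to prompt; remaining arguments go to compose.
compose_up() {
    src=$1; shift
    case $src in
        -) tok=$(prompt_token) ;;
        *) tok=$(read_token_file "$src") ;;
    esac || return 1
    # Subshell: the variable is exported only to docker compose, which
    # substitutes it for ${vault_token} in docker-compose.yml.
    ( vault_token=$tok; export vault_token; docker compose up --build "$@" )
}

# Run only when arguments are given, so the functions can also be sourced.
[ "$#" -eq 0 ] || compose_up "$@"
```

The token still ends up in the container's environment, where `docker inspect` shows it, so this keeps it out of shell history and the compose file, not away from anyone with access to the Docker daemon.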
  2. The variable in the "environment" section will be used inside the container. If you need to set a variable inside the container, it's fine.

    To use system variables while docker compose deploys the container, just call it:

    Define your environment variable vault_token in the system (Linux):

    export vault_token="Token12345"
    

    Get the variable in the docker compose file, for example in the command section:

    command: server -dev -dev-root-token-id=${vault_token}
    