How to hide env variables from docker file

Time:12-15

I have a Dockerfile to deploy a Node.js app with some secret API keys that I want to hide from the Dockerfile. Currently I am using the ENV keyword to define env variables like below:

FROM node:17
WORKDIR /usr/app
COPY package.json /usr/app/
RUN npm install
COPY . /usr/app
ENV TWILIO_ACCOUNT_SID=""
ENV TWILIO_AUTH_TOKEN=""
ENV OTP_TEXT="This is your Otp"
ENV TWILLIO_SENDER=99999
ENV PORT=8080
ENV DB_URL=""
ENV JWT_SECRET="Some Secrete"
ENV JWT_EXPIRES_IN=30min
ENV OTP_EXPIRE_TIME_SECONDS=150000
ENV AWS_S3_REGION=us-east-2
ENV AWS_S3_BUCKET=gos32
ENV AWS_ACCESS_KEY_ID=""
ENV AWS_SECRET_ACCESS_KEY=""
CMD ["npm", "start"]

Any better way to do that ?

Edit :

Just adding what works for me from the answer given by @blami:

docker build -t app .

then I ran

docker run --env-file env.txt -d -p 8080:8080 app

docker run with the file option after putting all the env variables in env.txt file

CodePudding user response:

You should not put sensitive data in the Dockerfile at all. If your application is configured via environment, you should only provide these variables to the container when it is started, e.g. manually (using docker -e, --env, and --env-file flags directly on the command line) or via your container runtime (which you do not specify in your question):

  • Kubernetes can manage secrets and expose them via files or environment variables - see documentation with examples
  • Docker Swarm supports managing secrets out of the box via docker secret command and can expose such secrets as environment variables too - see documentation with examples
  • Managed cloud providers usually have option to manage secrets and somehow inject them to containers too (or directly expose features of runtime they use).

In any of the cases above, secrets usually live in secure storage from where they are retrieved only when the container starts and injected into it. That way you don't need to have them in the Dockerfile. Note that if someone gains access to your running container with application or higher privileges, they will be able to retrieve secrets from the environment (as that is how environment variables work).
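
One way the Node app can consume settings that are injected at start-up, whether they arrive as environment variables (for example via --env-file) or as files mounted by the runtime, and refuse to start when one is absent. This is an added example, not code from the question or the answer; `loadSecrets`, `resolveSetting`, the `NAME_FILE` convention and the `/run/secrets/db_url` path are assumptions made for illustration.

```javascript
// Added example, not code from the thread. NAME_FILE is an assumed convention:
// it names a file (e.g. a mounted secret) that holds the value for NAME.
function readSecretFile(path) {
  return require("node:fs").readFileSync(path, "utf8");
}

function resolveSetting(name, env, readFile) {
  const direct = env[name];
  const filePath = env[`${name}_FILE`];
  if (direct !== undefined && filePath !== undefined) {
    throw new Error(`${name}: set both directly and via ${name}_FILE`);
  }
  if (filePath === undefined) return direct;
  try {
    // Secret files usually end with a newline; strip only that one.
    return readFile(filePath).replace(/\r?\n$/, "");
  } catch {
    throw new Error(`${name}: cannot read ${filePath}`);
  }
}

// Returns a frozen object of values, or throws one error listing every
// problem by variable name. Values never appear in the error text.
function loadSecrets(names, env = process.env, readFile = readSecretFile) {
  const values = {};
  const problems = [];
  for (const name of names) {
    try {
      const value = resolveSetting(name, env, readFile);
      if (value === undefined || value === "") {
        problems.push(`${name}: missing or empty`);
      } else {
        values[name] = value;
      }
    } catch (err) {
      problems.push(err.message);
    }
  }
  if (problems.length > 0) {
    throw new Error(`configuration error: ${problems.join("; ")}`);
  }
  return Object.freeze(values);
}

// Constructed sample: one value from --env-file, one from a mounted file.
const sampleEnv = { JWT_SECRET: "constructed-value", DB_URL_FILE: "/run/secrets/db_url" };
const sampleFiles = { "/run/secrets/db_url": "mongodb://db.example.invalid/app\n" };
const sample = loadSecrets(["JWT_SECRET", "DB_URL"], sampleEnv, (p) => sampleFiles[p]);
console.log(Object.keys(sample)); // names only, never the values
```

Empty placeholders such as the `ENV DB_URL=""` lines in the question are treated as missing, so a container started without the real values fails at boot instead of running with blank credentials.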
