Docker Compose
reading time 5 mins
This guide will show you two methods of using Doppler to supply app config and secrets for Docker Compose in production and local development environments.
Option | Usecase |
|---|---|
Installs the Doppler CLI in the Dockerfile. | |
Secrets injected into containers as environment variables. |
Prerequisites
- You've run applications in Docker Compose and have experience building Docker images.
Service Tokens
Accessing your secrets in production or CI/CD environments requires a Service Token to provide read-only access to a specific config. It's exposed to the CLI via the DOPPLER_TOKEN environment variable which should be provided by your CI/CD environment, e.g. GitHub Secret.
Option 1: Dockerfile
This option embeds the Doppler CLI in a Dockerfile and requires the DOPPLER_TOKEN environment variable. Save this as Dockerfile:
FROM ubuntu
# Install Doppler CLI
RUN apt-get update && apt-get install -y apt-transport-https ca-certificates curl gnupg && \
curl -sLf --retry 3 --tlsv1.2 --proto "=https" 'https://packages.doppler.com/public/cli/gpg.DE2A7741A397C129.key' | apt-key add - && \
echo "deb https://packages.doppler.com/public/cli/deb/debian any-version main" | tee /etc/apt/sources.list.d/doppler-cli.list && \
apt-get update && \
apt-get -y install doppler
# Fetch and view secrets using "printenv". Testing purposes only!
# Replace "printenv" with the command used to start your app, e.g. "npm", "start"
CMD ["doppler", "run", "--", "printenv"]
FROM alpine
# Install Doppler CLI
RUN wget -q -t3 'https://packages.doppler.com/public/cli/rsa.8004D9FF50437357.key' -O /etc/apk/keys/[email protected] && \
echo 'https://packages.doppler.com/public/cli/alpine/any-version/main' | tee -a /etc/apk/repositories && \
apk add doppler
# Fetch and view secrets using "printenv". Testing purposes only!
# Replace "printenv" with the command used to start your app, e.g. "npm", "start"
CMD ["doppler", "run", "--", "printenv"]
FROM centos
# Install Doppler CLI
RUN rpm --import 'https://packages.doppler.com/public/cli/gpg.DE2A7741A397C129.key' && \
curl -sLf --retry 3 --tlsv1.2 --proto "=https" 'https://packages.doppler.com/public/cli/config.rpm.txt' | tee /etc/yum.repos.d/doppler-cli.repo && \
yum update -y && \
yum install -y doppler
# Fetch and view secrets using "printenv". Testing purposes only!
# Replace "printenv" with the command used to start your app, e.g. "npm", "start"
CMD ["doppler", "run", "--", "printenv"]
FROM alpine
# Option 1: Standard
RUN (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh
# Option 2: Signature Verification (GnuPG package required)
RUN (curl -Ls --tlsv1.2 --proto "=https" --retry 3 https://cli.doppler.com/install.sh || wget -t 3 -qO- https://cli.doppler.com/install.sh) | sh -s -- --verify-signature
# Fetch and view secrets using "printenv". Testing purposes only!
# Replace "printenv" with the command used to start your app, e.g. "npm", "start"
CMD ["doppler", "run", "--", "printenv"]
Then save the below file as docker-compose.yml:
services:
web:
build: .
image: doppler-test-alpine
container_name: doppler-test
init: true
environment:
- DOPPLER_TOKEN
Production deployments
A Doppler Service Token exposed as the DOPPLER_TOKEN environment variable provides read-only access to a specific config in production environments:
# Expects the `DOPPLER_TOKEN` environment variable
docker-compose up
Local development
For local development, an ephemeral DOPPLER_TOKEN is used:
DOPPLER_TOKEN="$(doppler configs tokens create dev --plain --max-age 1m)" \
docker-compose -f docker-compose.yml up
Option 2: Container Env Vars
Alternatively, you can use the Doppler CLI to supply environment variables to Docker Compose with each container explicitly defining which environment variables they wish to receive.
Here is a docker-compose.yml that will pass on the three standard Doppler environment variables as well as two custom variables:
Only environment variables explicitly listed in the
environment:map will be passed through to the container.Make sure you update this list any time you add a new secret to your Doppler project.
services:
web:
build: .
image: alpine
container_name: doppler-test
init: true
environment:
- API_KEY
- OTHER_SECRET
Then use the Doppler CLI to inject the environment variables:
doppler run -- docker-compose up
The benefit of this approach is that Docker Compose is run the same in development as it is in production.
Amazing Work!
Now you know two methods for Doppler to supply app config and secrets for Docker Compose in production and local development environments.
Updated 28 days ago