Container Env Vars

Prerequisites

• You've run applications in Docker and have experience building Docker images.

Service Tokens

Accessing your secrets in production or CI/CD environments requires a Service Token to provide read-only access to a specific config. It's exposed to the CLI via the DOPPLER_TOKEN environment variable which should be provided by your CI/CD environment, e.g. GitHub Secret.

Installation

Alternatively, the Doppler CLI can be used to supply environment variables to the container using the docker run --env-file flag combined with doppler secrets download.

This method requires a bash shell (for process substitution) and the Doppler CLI to be installed in the environment running the container. Using the alpine image as an example:

docker run --rm --env-file <(doppler secrets download --no-file --format docker) alpine printenv

You should now see your secrets output amongst the other container environment variables.

📘

Docker does not support multi-line secrets when using the --env-file option so Doppler's --format docker flag flattens multi-line secrets by escaping newlines. These can then be converted back to their original form in your application code by replacing the escaped newlines with newlines (replace \\n with \n).

👍

Amazing Work!

Your secrets in Doppler are now ready to be used in your Docker containers.