- You've run applications in Docker and have experience building Docker images.
Accessing your secrets in production or CI/CD environments requires a Service Token to provide read-only access to a specific config. It's exposed to the CLI via the
DOPPLER_TOKEN environment variable which should be provided by your CI/CD environment, e.g. GitHub Secret.
Alternatively, the Doppler CLI can be used to supply environment variables to the container using the
docker run --env-file flag combined with
doppler secrets download.
This method requires a bash shell (for process substitution) and the Doppler CLI to be installed in the environment running the container. Using the
alpine image as an example:
docker run --rm --env-file <(doppler secrets download --no-file --format docker) alpine printenv
You should now see your secrets output amongst the other container environment variables.
Docker does not support multi-line secrets when using the
--env-fileoption so Doppler's
--format dockerflag flattens multi-line secrets by escaping newlines. These can then be converted back to their original form in your application code by replacing the escaped newlines with newlines (replace
Your secrets in Doppler are now ready to be used in your Docker containers.
Updated over 1 year ago