This guide will show you two methods of using Doppler to supply app config and secrets for Docker Compose in production and local development environments.
- You've run applications in Docker Compose and have experience building Docker images.
Accessing your secrets in production or CI/CD environments requires a Service Token to provide read-only access to a specific config. It's exposed to the CLI via the DOPPLER_TOKEN environment variable, which should be provided by your CI/CD environment, e.g. as a GitHub Secret.
This option embeds the Doppler CLI in a Dockerfile and requires the DOPPLER_TOKEN environment variable. Save this as

```dockerfile
FROM alpine

# Install the Doppler CLI
RUN (curl -Ls https://cli.doppler.com/install.sh || wget -qO- https://cli.doppler.com/install.sh) | sh

# Fetch and view secrets using "printenv". Testing purposes only!
# Replace "printenv" with the command used to start your app, e.g. "npm", "start"
CMD ["doppler", "run", "--", "printenv"]
```
Then save the below file as
```yaml
services:
  web:
    build: .
    image: doppler-test-alpine
    container_name: doppler-test
    init: true
    environment:
      - DOPPLER_TOKEN
```
To access your secrets when running the container, Doppler Compose needs read-only access to a specific config using a Service Token via the DOPPLER_TOKEN environment variable:

```shell
# Expects the `DOPPLER_TOKEN` environment variable
docker-compose up
```
$DOPPLER_TOKEN allows Docker Compose to be run and configured for any environment. Now we'll cover how to develop locally using this approach.
If you wish to test your compose file in local development with the credentials set during doppler setup, you will also need to provide the DOPPLER_PROJECT and DOPPLER_CONFIG environment variables.
```yaml
services:
  web:
    build: .
    image: doppler-test-alpine
    container_name: doppler-test
    init: true
    environment:
      - DOPPLER_TOKEN
      - DOPPLER_PROJECT
      - DOPPLER_CONFIG
```
Here is the altered command for supplying the required environment variables to Docker Compose for local development:
```shell
DOPPLER_TOKEN="$(doppler configure get token --plain)" \
DOPPLER_PROJECT="$(doppler configure get project --plain)" \
DOPPLER_CONFIG="$(doppler configure get config --plain)" \
docker-compose -f docker-compose.yml up
```
Alternatively, you can use the Doppler CLI to supply environment variables to Docker Compose with each container explicitly defining which environment variables they wish to receive.
Here is a docker-compose.yml that will pass on the three standard Doppler environment variables as well as two custom variables:

```yaml
services:
  web:
    build: .
    image: alpine
    container_name: doppler-test
    init: true
    environment:
      - DOPPLER_TOKEN
      - DOPPLER_PROJECT
      - DOPPLER_CONFIG
      - API_KEY
      - OTHER_SECRET
```
Then use the Doppler CLI to inject the environment variables:
```shell
doppler run -- docker-compose up
```
The benefit of this approach is that Docker Compose is run the same in development as it is in production.
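An added pre-flight check, not part of the original guide or of Doppler's tooling: it confirms that a compose file passes DOPPLER_TOKEN and the other variables through by name only, never with a value written into the file, and that each passed-through variable is actually exported before docker-compose up runs. The function name compose_preflight, its exit codes and the two sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the Doppler docs). compose_preflight is a hypothetical helper.
# usage: compose_preflight FILE [VAR...]   returns 0 ok, 1 inline value, 2 unset variable
compose_preflight() {
    file=$1; shift
    [ $# -gt 0 ] || set -- DOPPLER_TOKEN
    for var in "$@"; do
        # "- VAR=value" or "VAR: value" stores the secret in the file itself.
        # Values starting with "$" are Compose interpolation, not literals, so they are skipped.
        if grep -Eq "^[[:space:]]*(-[[:space:]]*)?[\"']?${var}[[:space:]]*[=:][[:space:]]*[^[:space:]\$]" "$file"; then
            echo "FAIL: $var has an inline value in $file" >&2
            return 1
        fi
        # "- VAR" alone is pass-through: Compose copies the value from the calling
        # environment, so the variable must be exported and non-empty there.
        if grep -Eq "^[[:space:]]*-[[:space:]]*${var}[[:space:]]*\$" "$file"; then
            if [ -z "$(printenv "$var")" ]; then
                echo "FAIL: $var is passed through by $file but is not exported" >&2
                return 2
            fi
        fi
    done
    return 0
}

# Constructed sample input: the pass-through form from this guide, and a variant
# with a hard-coded placeholder value.
demo_dir=$(mktemp -d)
printf 'services:\n  web:\n    environment:\n      - DOPPLER_TOKEN\n      - API_KEY\n' > "$demo_dir/ok.yml"
printf 'services:\n  web:\n    environment:\n      - DOPPLER_TOKEN=constructed-placeholder\n' > "$demo_dir/inline.yml"
compose_preflight "$demo_dir/inline.yml" 2>/dev/null || echo "inline.yml rejected with exit $?"
( export DOPPLER_TOKEN=constructed-placeholder
  compose_preflight "$demo_dir/ok.yml" && echo "ok.yml accepted" )
```

In practice the check gates the start command, for example compose_preflight docker-compose.yml DOPPLER_TOKEN DOPPLER_PROJECT DOPPLER_CONFIG && docker-compose up.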
Now you know two methods for Doppler to supply app config and secrets for Docker Compose in production and local development environments.