Docker Compose

reading time 5 mins

This guide will show you two methods of using Doppler to supply app config and secrets for Docker Compose in production and local development environments.

Option

Usecase

Dockerfile

Installs the Doppler CLI in the Dockerfile.

Container Env Vars

Secrets injected into containers as environment variables.

Prerequisites

  • You've run applications in Docker Compose and have experience building Docker images.

Service Tokens

Accessing your secrets in production or CI/CD environments requires a Service Token to provide read-only access to a specific config. It's exposed to the CLI via the DOPPLER_TOKEN environment variable which should be provided by your CI/CD environment, e.g. GitHub Secret.

Option 1: Dockerfile

This option embeds the Doppler CLI in a Dockerfile and requires the DOPPLER_TOKEN environment variable. Save this as Dockerfile:

FROM alpine

# Install the Doppler CLI
RUN (curl -Ls https://cli.doppler.com/install.sh || wget -qO- https://cli.doppler.com/install.sh) | sh

# Fetch and view secrets using "printenv". Testing purposes only!
# Replace "printenv" with the command used to start your app, e.g. "npm", "start"
CMD ["doppler", "run", "--", "printenv"]

Then save the below file as docker-compose.yml:

services:
  web:
    build: .
    image: doppler-test-alpine
    container_name: doppler-test
    init: true
    environment:
      - DOPPLER_TOKEN

To access your secrets when running the container, Doppler Compose needs read-only access to a specific config using a Service Token via the DOPPLER_TOKEN environment variable:

# Expects the `DOPPLER_TOKEN` environment variable
docker-compose up

Using $DOPPLER_TOKEN allows Docker Compose to be run and configured for any environment. Now we'll cover how to develop locally using this approach.

Local Development

If you wish to test your compose file in local development with the credentials set during doppler setup, you will need to also provide the DOPPLER_PROJECT and DOPPLER_CONFIG environment variables.

services:
  web:
    build: .
    image: doppler-test-alpine
    container_name: doppler-test
    init: true
    environment:
      - DOPPLER_TOKEN
      - DOPPLER_PROJECT
      - DOPPLER_CONFIG

Here is the altered command for supplying the required environment variables to Docker Compose for local development:

DOPPLER_TOKEN="$(doppler configure get token --plain)" \
DOPPLER_PROJECT="$(doppler configure get project --plain)" \
DOPPLER_CONFIG="$(doppler configure get config --plain)" \
\
docker-compose -f docker-compose.yml up

Option 2: Container Env Vars

Alternatively, you can use the Doppler CLI to supply environment variables to Docker Compose with each container explicitly defining which environment variables they wish to receive.

Here is a docker-compose.yml that will pass on the three standard Doppler environment variables as well as two custom variables:

services:
  web:
    build: .
    image: alpine
    container_name: doppler-test
    init: true
    environment:
      - DOPPLER_TOKEN
      - DOPPLER_PROJECT
      - DOPPLER_CONFIG
      - API_KEY
      - OTHER_SECRET

Then use the Doppler CLI to inject the environment variables:

doppler run -- docker-compose up

The benefit of this approach is that Docker Compose is run the same in development as it is in production.

πŸ‘

Amazing Work!

Now you know two methods for Doppler to supply app config and secrets for Docker Compose in production and local development environments.


Did this page help you?