How do I pass environment variables to Docker containers?

前端 未结 14 1170
独厮守ぢ
独厮守ぢ 2020-11-22 11:15

I\'m new to Docker, and it\'s unclear how to access an external database from a container. Is the best way to hard-code in the connection string?

# Dockerfil         


        
相关标签:
14条回答
  • 2020-11-22 11:23

    If you have the environment variables in an env.sh locally and want to set it up when the container starts, you could try

    COPY env.sh /env.sh
    COPY <filename>.jar /<filename>.jar
    ENTRYPOINT ["/bin/bash" , "-c", "source /env.sh && printenv && java -jar /<filename>.jar"]
    

    This command would start the container with a bash shell (I want a bash shell since source is a bash command), sources the env.sh file(which sets the environment variables) and executes the jar file.

    The env.sh looks like this,

    #!/bin/bash
    export FOO="BAR"
    export DB_NAME="DATABASE_NAME"
    

    I added the printenv command only to test that actual source command works. You should probably remove it when you confirm the source command works fine or the environment variables would appear in your docker logs.

    0 讨论(0)
  • 2020-11-22 11:26

    You can pass using -e parameters with docker run .. command as mentioned here and as mentioned by @errata.

    However, the possible downside of this approach is that your credentials will be displayed in the process listing, where you run it.

    To make it more secure, you may write your credentials in a configuration file and do docker run with --env-file as mentioned here. Then you can control the access of that config file so that others having access to that machine wouldn't see your credentials.

    0 讨论(0)
  • 2020-11-22 11:27

    For Amazon AWS ECS/ECR, you should manage your environment variables (especially secrets) via a private S3 bucket. See blog post How to Manage Secrets for Amazon EC2 Container Service–Based Applications by Using Amazon S3 and Docker.

    0 讨论(0)
  • 2020-11-22 11:27

    Using jq to convert the env to JSON:

    env_as_json=`jq -c -n env`
    docker run -e HOST_ENV="$env_as_json" <image>
    

    this requires jq version 1.6 or newer

    this pust the host env as json, essentially like so in Dockerfile:

    ENV HOST_ENV  (all env from the host as json)
    
    0 讨论(0)
  • 2020-11-22 11:30

    here is how i was able to solve it

    docker run --rm -ti -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN -e AWS_SECURITY_TOKEN amazon/aws-cli s3 ls
    

    one more example:

    export VAR1=value1
    export VAR2=value2
    
    $ docker run --env VAR1 --env VAR2 ubuntu env | grep VAR
    VAR1=value1
    VAR2=value2
    
    0 讨论(0)
  • 2020-11-22 11:31

    docker run --rm -it --env-file <(bash -c 'env | grep <your env data>') Is a way to grep the data stored within a .env and pass them to Docker, without anything being stored unsecurely (so you can't just look at docker history and grab keys.

    Say you have a load of AWS stuff in your .env like so:

    AWS_ACCESS_KEY: xxxxxxx
    AWS_SECRET: xxxxxx
    AWS_REGION: xxxxxx
    

    running docker with ```docker run --rm -it --env-file <(bash -c 'env | grep AWS_') will grab it all and pass it securely to be accessible from within the container.

    0 讨论(0)
提交回复
热议问题