Summary
The user is looking for guidance on integrating secrets into a service's environment with Docker Compose, specifically to replace a deprecated option and use a secret instead of a hardcoded value. They want to access the open_ai/api_key
secret and set it as an environment variable in the elixir_app service. While working locally, they encounter an error stating that secrets are not supported in this context when using Docker run. The user is unsure how to pass a secret into the --load
command and is currently using files to pass values.
e
not sure how that would work. i'm using files to pass for now
nacho
if it is to run locally, maybe you could pass the secret through an ARG?
e
is there no way to pass a secret into the --load
?
e
oh right i am doing this LOCALLY
so i can't do it
+start | WITH DOCKER RUN
+start | failed: secrets not yet supported with LOCALLY
Error: Earthfile:51:6 with docker run: secrets not yet supported with LOCALLY```
:smiling_face_with_tear:
nacho
Then pass its value in the RUN compose up as a secret
nacho
I would define OPEN_AI_API_KEY as an env entry in the elixir_app service,
e
this isn't inside of a run, how do i get it into the environment?
LOCALLY
BUILD +elixir-app-development
RUN docker compose down
WITH DOCKER \
--compose compose.yaml \
--load elixir_app=(+elixir-app-development --OPEN_AI_API_KEY=open_ai/api_key)
RUN --no-cache docker compose up -d
END```
i'm looking to grab the value of the `open_ai/api_key` secret here
nacho
Once the secret is in your environment you should be able to use it like https://docs.docker.com/compose/environment-variables/variable-interpolation/#substitute-from-the-shell
e
i see this
This option is deprecated. Please use --load <image-name>=(<target-ref> --<build-arg-key>=<build-arg-value>) instead.
so am doing that but now i want to pass a secret rather than a hardcoded value
e
is it possible to pull in earthly secrets into a service's environment in docker compose?