E

Integrating Secrets with Docker Compose

Summary

The user is looking for guidance on integrating secrets into a service's environment with Docker Compose, specifically to replace a deprecated option and use a secret instead of a hardcoded value. They want to access the open_ai/api_key secret and set it as an environment variable in the elixir_app service. While working locally, they encounter an error stating that secrets are not supported in this context when using Docker run. The user is unsure how to pass a secret into the --load command and is currently using files to pass values.

Status
resolved
Tags
  • elixir_app
  • Docker
  • Secrets
  • Integration
  • Docker
  • Docker Compose
Source
#earthly
    e

    e

    7/30/2024

    not sure how that would work. i'm using files to pass for now

    n

    nacho

    7/30/2024

    if it is to run locally, maybe you could pass the secret through an ARG?

    e

    e

    7/30/2024

    is there no way to pass a secret into the --load?

    e

    e

    7/30/2024

    oh right i am doing this LOCALLY so i can't do it

                  +start |           WITH DOCKER RUN
                  +start | failed: secrets not yet supported with LOCALLY
    Error: Earthfile:51:6 with docker run: secrets not yet supported with LOCALLY```
    :smiling_face_with_tear:
    
    n

    nacho

    7/30/2024

    Then pass its value in the RUN compose up as a secret

    n

    nacho

    7/30/2024

    I would define OPEN_AI_API_KEY as an env entry in the elixir_app service,

    e

    e

    7/30/2024

    this isn't inside of a run, how do i get it into the environment?

      LOCALLY
    
      BUILD +elixir-app-development
    
      RUN docker compose down
    
      WITH DOCKER \
          --compose compose.yaml \
          --load elixir_app=(+elixir-app-development --OPEN_AI_API_KEY=open_ai/api_key)
          RUN --no-cache docker compose up -d
      END```
    i'm looking to grab the value of the `open_ai/api_key` secret here
    
    n

    nacho

    7/30/2024

    Once the secret is in your environment you should be able to use it like https://docs.docker.com/compose/environment-variables/variable-interpolation/#substitute-from-the-shell

    e

    e

    7/30/2024

    i see this This option is deprecated. Please use --load <image-name>=(<target-ref> --<build-arg-key>=<build-arg-value>) instead. so am doing that but now i want to pass a secret rather than a hardcoded value

    e

    e

    7/30/2024

    is it possible to pull in earthly secrets into a service's environment in docker compose?