Signing back into the Community for the first time? You'll need to reset your password to access your account.  Find out more.

Forum Discussion

PennyOakfield's avatar
PennyOakfield
Occasional Contributor
5 months ago

Secrets as environment variables in docker-compose files

I always want to make everything easier, and since I did see 1password supported secrets, I was wondering if its possible to use this with docker-compose (not hosting it, but using it as environment variables in composer files?).

It seems like its only Kubernites / K8 integration, but maybe someone have come up with a different way to do it?

secrets management
  • 1P_Blake's avatar
    1P_Blake
    Icon for Community Manager rankCommunity Manager
    4 months ago

    Hey PennyOakfield ! 👋 Thanks for reaching out and for your interest in using secrets with 1Password!

    Based on your question there are a couple of options that could work for you; both involve the 1Password CLI (docs: https://developer.1password.com/docs/cli/).

    op inject

    1. This command injects secrets into a config file. This allows you to pass in a templated config file with secret references and receive back a resolved config file with the actual secrets substituted in place.
    2. Docs with examples of how to use the command and how to use the secret reference syntax in templated config files - https://developer.1password.com/docs/cli/reference/commands/inject/
    3. You should also check out the Docker Compose docs on setting environment variables, specifically the "CLI - Substitute with --env-file" section - https://docs.docker.com/compose/environment-variables/set-environment-variables/#cli
    4. An example of what this could look like:
    # use the ref.env file (containing secret references) as input, and output the resolved secrets to the .env file

op inject -i ref.env -o .env

# pass the .env file with resolved secrets to docker-compose

docker-compose —env-file .env up -d

# remove the .env file from the disk

rm .env

    op run

    1. This command passes secrets as environment variables to a process. You could use it to pass env vars from your local machine directly to the Docker container.
    2. Docs with examples of how to use the command and how to use the secret reference syntax - https://developer.1password.com/docs/cli/reference/commands/run/
    3. You should also check out the Docker Compose docs on setting environment variables, specifically the "CLI - Set environment variables with docker compose run --env" section - https://docs.docker.com/compose/environment-variables/set-environment-variables/#set-environment-variables-with-docker-compose-run---env
    4. An example of what this could look like:
    # note that the resolved secrets need to be specified by variable name when passing them to docker-compose as env vars 

op run —env-file .env — docker-compose run -e SECRET1=$SECRET1 -e SECRET2=$SECRET2 web python console.py

    I hope that these suggestions help! Please let us know if you run into any issues.