@devfelipereis
Forked from bvis/README.md
Last active June 28, 2023 16:56
Docker Env Vars expanded with secrets content

Set secrets as env variables in docker

This script will read your secret file and set each line as an env variable in your container.

How to use it

I'm assuming that you already have an entrypoint file in your Dockerfile. Copy and paste the contents of set_env_secrets.sh into your entrypoint (you don't need the first line).

Now you need to create a secret; the name can be whatever you like. I use the name of my application as the pattern for my secret names. For this example, my secret name will be super-project and the content will be:

DB_HOST=mariadb
DB_DATABASE=mydatabase
DB_USERNAME=superuser
DB_PASSWORD=supersecretpassword

Then, in my compose file, I need to set that secret name. Like this:

application:
    image: IMAGENAME
    secrets:
      - super-project
    labels:
      - io.rancher.container.pull_image=always
    environment:
      SECRET_NAME: super-project

Now you just need to deploy your app, and each line of that secret file will be an env variable for your application.

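#!/bin/sh

# Directory where Docker mounts secrets; override with ENV_SECRETS_DIR.
: ${ENV_SECRETS_DIR:=/run/secrets}

# Print a bold debug message, but only when ENV_SECRETS_DEBUG is set.
env_secret_debug()
{
    if [ ! -z "$ENV_SECRETS_DEBUG" ]; then
        echo -e "\033[1m$@\033[0m"
    fi
}

# Export every line of the secret named by SECRET_NAME as an env variable.
set_env_secrets() {
    secret_name=$SECRET_NAME
    secret_file_path="${ENV_SECRETS_DIR}/${secret_name}"
    env_secret_debug "Secret file: $secret_name"
    if [ -f "$secret_file_path" ]; then
        # Each line is expected to have the form KEY=VALUE.
        while IFS='' read -r line || [[ -n "$line" ]]; do
            export $line
        done < "$secret_file_path"
    else
        env_secret_debug "Secret file does not exist! $secret_name"
    fi

    # In debug mode, dump the whole environment (this includes the secret values).
    if [ ! -z "$ENV_SECRETS_DEBUG" ]; then
        echo -e "\n\033[1mExpanded environment variables\033[0m"
        printenv
    fi
}

set_env_secrets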
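
A stricter variant of the loop above, added here as an example and not part of the gist: it checks that each line is KEY=VALUE with a valid variable name and exports it quoted, so a value containing spaces or glob characters stays intact where the unquoted export $line would split it. load_env_secret and write_sample_secret are hypothetical names, and the sample file content is constructed.

```shell
#!/bin/sh
# Added example, not the gist's code. load_env_secret and write_sample_secret
# are hypothetical names; the sample file content is constructed.

# Export each KEY=VALUE line of a secret file without ever evaluating it.
# Returns 0 if every line was accepted, 1 if any was rejected, 2 if no file.
load_env_secret() {
    _file=$1
    _rejected=0
    [ -f "$_file" ] || { echo "secret file not found" >&2; return 2; }
    # "|| [ -n ... ]" keeps a final line that has no trailing newline.
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line%"$(printf '\r')"}       # tolerate CRLF files
        case $_line in
            ''|'#'*) continue ;;              # blank line or comment
            *=*) ;;                           # has the KEY=VALUE shape
            *) _rejected=$((_rejected + 1)); continue ;;
        esac
        _key=${_line%%=*}
        _value=${_line#*=}
        case $_key in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)   # not a valid variable name
                _rejected=$((_rejected + 1)); continue ;;
        esac
        # Quoted assignment: no word splitting, no glob expansion.
        export "$_key=$_value"
    done < "$_file"
    # Report only a count, never the rejected text (it may hold a secret).
    [ "$_rejected" -eq 0 ] || echo "rejected $_rejected line(s)" >&2
    [ "$_rejected" -eq 0 ]
}

# Constructed sample: a value with spaces and '*', an invalid key, and a
# last line without a trailing newline.
write_sample_secret() {
    printf '%s\n' '# constructed sample' 'DB_HOST=mariadb' \
        'DB_PASSWORD=super secret * pass=word' 'bad-key=x' > "$1"
    printf 'DB_USERNAME=superuser' >> "$1"
}

# Entrypoint usage (ENV_SECRETS_DIR and SECRET_NAME as in the gist):
#   load_env_secret "${ENV_SECRETS_DIR:-/run/secrets}/$SECRET_NAME" || exit 1
```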
N0K0 commented Jul 1, 2021

Hi! Line 21 is wrong. Should refer to $secret_name :)

Author

devfelipereis commented Jul 1, 2021

@N0K0 just updated! Thank you!

slhck commented Feb 25, 2022

Thanks for sharing this! I see your script uses [[ ]] and echo -e, which are actually undefined in POSIX sh.

@marlluslustosa

Thanks for the code!

Improvements I made:

  • The variables secret_name and secret_file_path were declared as local variables within the set_env_secrets() function, reducing their scope and avoiding conflicts with other variables in the environment.
  • The -n expression was used instead of ! -z to check if the ENV_SECRETS_DEBUG variable is defined and not empty.
  • The declaration of the IFS variable was modified to IFS= read -r line || [ -n "$line" ], avoiding issues with interpreting values containing spaces and ensuring that the loop is executed even if the last line doesn't have a line break.

https://gist.github.com/marlluslustosa/0240f89e2d8ffa14c23ca77fcbda39a3