Skip to main content
March 6, 2023
Question

Secrets as environment variables in docker-compose files

  • March 6, 2023
  • 1 reply
  • 6207 views

I always want to make everything easier, and since I did see 1password supported secrets, I was wondering if its possible to use this with docker-compose (not hosting it, but using it as environment variables in composer files?).

It seems like its only Kubernites / K8 integration, but maybe someone have come up with a different way to do it?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

1 reply

May 26, 2023

Hi @alekslyse, thanks for reaching out and for your interest in using secrets with 1Password!

Based on your question there are a couple of options that could work for you; both involve the 1Password CLI (docs: https://developer.1password.com/docs/cli/).

op inject

  • This command injects secrets into a config file. This allows you to pass in a templated config file with secret references and receive back a resolved config file with the actual secrets substituted in place.
  • Docs with examples of how to use the command and how to use the secret reference syntax in templated config files - https://developer.1password.com/docs/cli/reference/commands/inject/
  • You should also check out the Docker Compose docs on setting environment variables, specifically the "CLI - Substitute with --env-file" section - https://docs.docker.com/compose/environment-variables/set-environment-variables/#cli
  • An example of what this could look like:

```sh

use the ref.env file (containing secret references) as input, and output the resolved secrets to the .env file

op inject -i ref.env -o .env

pass the .env file with resolved secrets to docker-compose

docker-compose —env-file .env up -d

remove the .env file from the disk

rm .env
```

op run

  • This command passes secrets as environment variables to a process. You could use it to pass env vars from your local machine directly to the Docker container.
  • Docs with examples of how to use the command and how to use the secret reference syntax - https://developer.1password.com/docs/cli/reference/commands/run/
  • You should also check out the Docker Compose docs on setting environment variables, specifically the "CLI - Set environment variables with docker compose run --env" section - https://docs.docker.com/compose/environment-variables/set-environment-variables/#set-environment-variables-with-docker-compose-run---env
  • An example of what this could look like:

```sh

note that the resolved secrets need to be specified by variable name when passing them to docker-compose as env vars

op run —env-file .env — docker-compose run -e SECRET1=$SECRET1 -e SECRET2=$SECRET2 web python console.py
```

I hope that these suggestions help! Please let us know if you run into any issues.

-- Dustin