infisical/docs/integrations/platforms/docker.mdx

---
title: "Docker"
description: "How to use Infisical to inject environment variables into a Docker container."
---

Prerequisites:

- Set up and add envars to [Infisical Cloud](https://app.infisical.com)

## Add the Infisical CLI to your Dockerfile

<Tabs>
	 <Tab title="Alpine">
		```dockerfile
    	RUN apk add --no-cache bash curl && curl -1sLf \
      'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
      && apk add infisical
    	```

   </Tab>
	 <Tab title="RedHat/CentOs/Amazon-linux">
		```dockerfile
    RUN curl -1sLf \
    'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.rpm.sh' | sh \ 
    && yum install -y infisical
		```
   </Tab>
	 <Tab title="Debian/Ubuntu">
		```dockerfile
    RUN apt-get update && apt-get install -y bash curl && curl -1sLf \
      'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash \
      && apt-get update && apt-get install -y infisical
		```
   </Tab>
</Tabs>

## Modify the start command in your Dockerfile

Starting your service with the Infisical CLI pulls your secrets from Infisical and injects them into your service.

```dockerfile
CMD ["infisical", "run", "--", "[your service start command]"]

# example with single single command
CMD ["infisical", "run", "--", "npm", "run", "start"]

# example with multiple commands
CMD ["infisical", "run", "--command", "npm run start && ..."]
```

## Generate an Infisical Token

Head to your project settings in Infisical Cloud to generate an [Infisical Token](/documentation/platform/token).

## Feed Docker your Infisical Token

```bash
 docker run --env INFISICAL_TOKEN=[token] [DOCKER-IMAGE]...
```

<Info>

The Infisical CLI uses the detected `INFISICAL_TOKEN` environment variable to authenticate, retrieve, and inject the environment variables which the token is authorized for.

</Info>