github/infisical
1
1
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2026-05-02 03:02:03 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
5eeea767a39db8d669cf07626a6ee6dec182829b
infisical/docs/integrations/platforms/docker.mdx
Tuan Dang 46912c4c3c Update docs
2024-04-30 16:44:06 -07:00

121 lines
4.7 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
title: "Docker Entrypoint"
description: "Learn how to use Infisical to inject environment variables into a Docker container."
---
This approach allows you to inject secrets from Infisical directly into your application.
This is achieved by installing the Infisical CLI into your docker image and modifying your start command to execute with Infisical.
## Add the Infisical CLI to your Dockerfile
<Tabs>
<Tab title="Alpine">
```dockerfile
RUN apk add --no-cache bash curl && curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
&& apk add infisical
```
</Tab>
<Tab title="RedHat/CentOs/Amazon-linux">
```dockerfile
RUN curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.rpm.sh' | sh \
&& yum install -y infisical
```
</Tab>
<Tab title="Debian/Ubuntu">
```dockerfile
RUN apt-get update && apt-get install -y bash curl && curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash \
&& apt-get update && apt-get install -y infisical
```
</Tab>
</Tabs>
####
<Tip>
We recommend you to set the version of the CLI to a specific version. This will help keep your CLI version consistent across reinstalls. [View versions](https://cloudsmith.io/~infisical/repos/infisical-cli/packages/)
</Tip>
## Modify the start command in your Dockerfile
Starting your service with the Infisical CLI pulls your secrets from Infisical and injects them into your service.
<Tabs>
<Tab title="Machine Identity (Recommended)">
```dockerfile
CMD ["infisical", "run", "--projectId", "<your-project-id>", "--", "[your service start command]"]
# example with single single command
CMD ["infisical", "run", "--projectId", "<your-project-id>", "--", "npm", "run", "start"]
# example with multiple commands
CMD ["infisical", "run", "--projectId", "<your-project-id>", "--command", "npm run start && ..."]
````
<Steps>
<Step title="Generate a machine identity">
Generate a machine identity for your project by following the steps in the [Machine Identity](/documentation/platform/identities/machine-identities) guide. The machine identity will allow you to authenticate and fetch secrets from Infisical.
</Step>
<Step title="Obtain an access token for the machine identity">
Obtain an access token for the machine identity by running the following command:
```bash
export INFISICAL_TOKEN=$(infisical login --method=universal-auth --client-id=<your-client-id> --client-secret=<your-client-secret> --plain --silent)
```
<Info>
Please note that the access token has a limited lifespan. The `infisical token renew` command can be used to renew the token if needed.
</Info>
</Step>
<Step title="Feed the access token to the docker container">
The last step is to give the Infisical CLI installed in your Docker container access to the access token. This will allow the CLI to fetch and inject the secrets into your application.
To feed the access token to the container, use the INFISICAL_TOKEN environment variable as shown below.
```bash
docker run --env INFISICAL_TOKEN=$INFISICAL_TOKEN [DOCKER-IMAGE]...
```
</Step>
</Steps>
</Tab>
<Tab title="Service Token (Deprecated)">
<Warning>
Service tokens are being deprecated in favor of [machine identities](/documentation/platform/identities/machine-identities).
They will be removed in the future in accordance with the deprecation notice and timeline stated [here](https://infisical.com/blog/deprecating-api-keys).
</Warning>
```dockerfile
CMD ["infisical", "run", "--", "[your service start command]"]
# example with single single command
CMD ["infisical", "run", "--", "npm", "run", "start"]
# example with multiple commands
CMD ["infisical", "run", "--command", "npm run start && ..."]
````
<Steps>
<Step title="Generate a service token">
Head to your project settings in the Infisical dashboard to generate an [service token](/documentation/platform/token).
This service token will allow you to authenticate and fetch secrets from Infisical.
Once you have created a service token with the required permissions, youll need to feed the token to the CLI installed in your docker container.
</Step>
<Step title="Feed service token to docker container">
The last step is to give the Infisical CLI installed in your Docker container access to the service token. This will allow the CLI to fetch and inject the secrets into your application.
To feed the service token to the container, use the INFISICAL_TOKEN environment variable as shown below.
```bash
docker run --env INFISICAL_TOKEN=[token] [DOCKER-IMAGE]...
```
</Step>
</Steps>
</Tab>
</Tabs>
Reference in New Issue View Git Blame Copy Permalink