github/infisical
1
1
Fork 0
mirror of https://github.com/Infisical/infisical.git synced 2026-05-02 03:02:03 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
64cd858f9cf01ac8f62689081d03166322dc73d0
infisical/docs/integrations/platforms/docker-compose.mdx
Akhil Mohan 93afa91239 Merge pull request #2435 from akhilmhdh/doc/docker-integration 
chore: updated documentation for docker compose and docker for machine identity
2024-10-16 13:06:21 +05:30

101 lines
3.6 KiB
Plaintext
Raw Blame History

---
title: "Docker Compose"
description: "Find out how to use Infisical to inject environment variables into services defined in your Docker Compose file."
---
Prerequisites:
- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
## Configure the Infisical CLI for each service
Follow this [guide](./docker) to configure the Infisical CLI for each service that you wish to inject environment variables into; you'll have to update the Dockerfile of each service.
<Tabs>
<Tab title="Machine Identity (Recommended)">
### Generate and configure machine identity
Generate a machine identity for each service you want to inject secrets into. You can do this by following the steps in the [Machine Identity](/documentation/platform/identities/machine-identities) guide.
### Set the machine identity client ID and client secret as environment variables
For each service you want to inject secrets into, generate the required `INFISICAL_TOKEN_SERVICE_A` and `INFISICAL_TOKEN_SERVICE_B`.
```yaml
# Example Docker Compose file
services:
web:
build: .
image: example-service-1
environment:
- INFISICAL_TOKEN=${INFISICAL_TOKEN_SERVICE_A}
api:
build: .
image: example-service-2
environment:
- INFISICAL_TOKEN=${INFISICAL_TOKEN_SERVICE_B}
```
### Export shell variables
Next, set the shell variables you defined in your compose file. This can be done manually or via your CI/CD environment. Once done, it will be used to populate the corresponding `INFISICAL_TOKEN_SERVICE_A` and `INFISICAL_TOKEN_SERVICE_B` in your Docker Compose file.
```bash
#Example
# Token refers to the token we generated in step 2 for this service
export INFISICAL_TOKEN_SERVICE_A=$(infisical login --method=universal-auth --client-id=<your-client-id> --client-secret=<your-client-secret> --silent --plain)
export INFISICAL_TOKEN_SERVICE_B=$(infisical login --method=universal-auth --client-id=<your-client-id> --client-secret=<your-client-secret> --silent --plain)
# Then run your compose file in the same terminal.
docker-compose ...
```
</Tab>
<Tab title="Service Token">
## Generate service token
Generate a unique [Service Token](/documentation/platform/token) for each service.
## Feed service token to your Docker Compose file
For each service you want to inject secrets into, set an environment variable called `INFISICAL_TOKEN` equal to a unique identifier variable.
In the example below, we set `INFISICAL_TOKEN_FOR_WEB` and `INFISICAL_TOKEN_FOR_API` as the `INFISICAL_TOKEN` for the services.
```yaml
# Example Docker Compose file
services:
web:
build: .
image: example-service-1
environment:
- INFISICAL_TOKEN=${INFISICAL_TOKEN_FOR_WEB}
api:
build: .
image: example-service-2
environment:
- INFISICAL_TOKEN=${INFISICAL_TOKEN_FOR_API}
```
## Export shell variables
Next, set the shell variables you defined in your compose file. This can be done manually or via your CI/CD environment. Once done, it will be used to populate the corresponding `INFISICAL_TOKEN`
in your Docker Compose file.
```bash
#Example
# Token refers to the token we generated in step 2 for this service
export INFISICAL_TOKEN_FOR_WEB=<token>
# Token refers to the token we generated in step 2 for this service
export INFISICAL_TOKEN_FOR_API=<token>
# Then run your compose file in the same terminal.
docker-compose ...
```
</Tab>
</Tabs>
Reference in New Issue View Git Blame Copy Permalink