1. Introduction
As your Docker Compose projects grow in complexity, effective management of configuration becomes crucial. This chapter explores the use of environment variables and secrets in Docker Compose to enhance flexibility, security, and ease of configuration. By leveraging these features, you can customize the behavior of your services, securely store sensitive information, and streamline the deployment of your containerized applications.
2. Environment Variables
Environment variables are a powerful mechanism for configuring containerized applications. They allow you to customize the behavior of your services without modifying the Docker Compose file directly. Let's explore how to define and use environment variables in Docker Compose.
2.1 Defining Environment Variables
In your docker-compose.yml
file, you can define environment variables for a service using the environment
key:
services:
web:
image: nginx:latest
environment:
- NGINX_PORT=8080
- NGINX_WORKER_PROCESSES=2
In this example, we've set the NGINX_PORT
and NGINX_WORKER_PROCESSES
environment variables for the web
service.
2.2 Referencing Environment Variables
Within your application, you can reference these environment variables just like any other environment variable. For example, in a shell script or a configuration file:
# Accessing NGINX_PORT
echo $NGINX_PORT
2.3 Using .env
Files
To keep your Docker Compose file clean and avoid hardcoding environment variables, you can use a .env
file. Create a file named .env
in the same directory as your docker-compose.yml
:
NGINX_PORT=8080
NGINX_WORKER_PROCESSES=2
Update your docker-compose.yml
to reference these variables:
services:
web:
image: nginx:latest
env_file:
- .env
2.4 Overriding Environment Variables
When running docker-compose
, you can override environment variables using the --env
flag:
docker-compose run --env NGINX_PORT=9090 web
This overrides the NGINX_PORT
variable for the specific command.
3. Secrets
In addition to environment variables, Docker Compose provides support for managing secrets securely. Secrets are sensitive pieces of data, such as passwords or API keys, that you don't want to expose directly in your Compose file.
3.1 Creating a Secret
To create a secret, use the following command:
echo "mysecretvalue" | docker secret create my_secret -
This creates a secret named my_secret
with the value "mysecretvalue".
3.2 Using Secrets in Docker Compose
In your docker-compose.yml
, reference the secret in the secrets
key:
services: database: image: mysql:latest secrets: - my_secret
The secret is mounted as a file in the specified location within the container.
3.3 Mounting Secrets as Environment Variables
If your application expects secrets as environment variables, you can use the secrets
key in the environment
section:
services:
app:
image: myapp:latest
secrets:
- my_secret
environment:
- SECRET_FILE=/run/secrets/my_secret
This mounts the secret as a file at /run/secrets/my_secret
and sets the SECRET_FILE
environment variable.
4. Conclusion
In this chapter, you've learned how to leverage environment variables and secrets in Docker Compose to enhance the configuration and security of your containerized applications. Environment variables provide a flexible way to customize your services, while secrets enable the secure handling of sensitive information. As you continue refining your Docker Compose projects, consider how these features can contribute to better manageability, scalability, and security. In the upcoming chapters, we'll explore data management, networking, and advanced Docker Compose techniques, empowering you to navigate the intricacies of container orchestration confidently.