Using Infisical for Docker Compose Secrets
-
After running into Infisical by chance, I was really interested in using it for Docker secrets (because I don't like dealing with HashiCorp Vault), and I found their documentation kind of lacking for docker compose in particular because they basically assume that you're a developer building a docker image (instead of using a pre-built one). With this guide I want to point out another way to use it.
For this guide I'm using self-hosted Infisical, and Ubuntu Server with the latest version of Docker and compose v2.
Installing Infisical Docker Compose
Infisical has some very good documentation for doing this in their docker compose self-hosted docs so I won't repeat them here. Just know that you either need to do this, or use the cloud hosted version for anything else.
Install Infisical CLI
For Ubuntu you can run the following commands:
    curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | sudo -E bash
    sudo apt update && sudo apt install -y infisical

For other Linux distros you can use the commands in their docs.
Using with docker compose
For use with docker compose you would create a docker compose file like:

    version: "3.7"
    services:
      test:
        environment:
          - MY_VAR=${INFCAL_MY_VAR}
        image: alpine:latest
        entrypoint:
          - printenv
In Infisical you would configure an environment variable named INFCAL_MY_VAR with whatever value you want. From here you would then get the service token and run the following commands:

    export INFISICAL_TOKEN=*****
    # Only if you're self-hosting Infisical
    export INFISICAL_API_URL=https://yourdomain.com/api
    docker compose --env-file <(infisical export --format=dotenv) up
Once you run the docker compose command, you should see the console output of the alpine image, which prints the environment variables; MY_VAR should be displayed with the contents you set in Infisical.
Known Issues
The only known issue I have found so far is that you can't use "multi-line" environment variables. Otherwise everything seems to work exactly as it's supposed to.
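A pre-flight check for the setup above, as an added example that is not part of the original guide: it lists variables the compose file interpolates but the export does not define, and values that span several lines (the known issue above). The sample files and function names are constructed, and treating any line that is not KEY=value as a continuation of the previous value is an assumption about the export format.

```shell
#!/bin/sh
# Added example, not from the original guide. All file contents are constructed samples.
# Variables a compose file interpolates, e.g. ${INFCAL_MY_VAR} or ${NAME:-default}.
referenced_vars() {  # $1 = compose file
  grep -o '\${[A-Za-z_][A-Za-z0-9_]*' "$1" | sed 's/^\${//' | sort -u
}

# Names defined in a dotenv file (lines of the form KEY=value).
defined_vars() {  # $1 = dotenv file
  sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1" | sort -u
}

# Names the compose file references that the export does not define.
missing_vars() {  # $1 = compose file, $2 = dotenv file
  defined=$(defined_vars "$2")
  referenced_vars "$1" | while read -r name; do
    printf '%s\n' "$defined" | grep -qxF "$name" || printf '%s\n' "$name"
  done
}

# Keys whose value spills onto following lines. Assumption: a non-blank,
# non-comment line that is not KEY=... continues the previous value.
multiline_keys() {  # $1 = dotenv file
  awk '/^[A-Za-z_][A-Za-z0-9_]*=/ { key = $0; sub(/=.*/, "", key); next }
       /^[ \t]*$/ || /^[ \t]*#/ { next }
       key != "" && !(key in seen) { seen[key] = 1; print key }' "$1"
}

# Constructed compose file and a stand-in for the dotenv export output.
write_samples() {  # $1 = directory
  cat > "$1/compose.yml" <<'EOF'
services:
  test:
    image: alpine:latest
    environment:
      - MY_VAR=${INFCAL_MY_VAR}
      - DB_PASS=${INFCAL_DB_PASS}
      - TLS_KEY=${INFCAL_TLS_KEY}
EOF
  cat > "$1/export.env" <<'EOF'
INFCAL_MY_VAR='hello'
INFCAL_TLS_KEY='line one
line two (constructed)'
EOF
}
dir=$(mktemp -d) && write_samples "$dir"
echo "missing from export: $(missing_vars "$dir/compose.yml" "$dir/export.env")"
echo "multi-line values:   $(multiline_keys "$dir/export.env")"
rm -rf "$dir"
```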
-
export secret injection not working for me. I use this

    services:
      postgres:
        container_name: postgres
        image: postgres:16-alpine
        environment:
          - INFISICAL_MACHINE_IDENTITY_CLIENT_ID=${CLIENT_ID}
          - INFISICAL_MACHINE_IDENTITY_CLIENT_SECRET=${CLIENT_SECRET}
          - POSTGRES_USER
          - POSTGRES_PASSWORD
          - PGDATA

and run with this command
Env variables with nothing behind are recorded in the secret store

    export CLIENT_ID=<machine client id>
    export CLIENT_SECRET=<machine secret id>
    infisical run --command="docker compose up -d"
-
golem boy I'll be perfectly honest, I'm not sure what you're trying to do with these commands and variables. They aren't at all related to the guide posted, and this isn't an official support forum or anything if you're trying to do something specific.