Notice: This page requires JavaScript to function properly.
Please enable JavaScript in your browser settings or update your browser.
Learn Environment Variables and Configuration in Compose | Working with Docker Compose
Docker Essentials

bookEnvironment Variables and Configuration in Compose

Using Environment Variables in docker-compose.yml

Environment variables allow you to create flexible and reusable Docker Compose configurations. By defining variables, you avoid hard-coding values such as ports, image tags, or credentials directly in your docker-compose.yml file. Instead, you reference these variables, and Docker Compose substitutes their values at runtime. This approach is especially useful when deploying the same application to different environments, such as development, testing, or production.

To define and use environment variables in your Compose file, follow these steps:

  • Store environment variables in a .env file in the same directory as your docker-compose.yml;
  • Reference variables in your Compose file using the ${VARIABLE_NAME} syntax;
  • Override variables by passing them directly in the shell or as part of your CI/CD pipeline.

Suppose you want to configure the database password and the application port using environment variables. Create a .env file containing:

DB_PASSWORD=supersecret
APP_PORT=8080

In your docker-compose.yml, reference these variables as follows:

version: "3.8"
services:
  web:
    image: myapp:latest
    ports:
      - "${APP_PORT}:80"
    environment:
      - DB_PASSWORD=${DB_PASSWORD}

When you run docker-compose up, Docker Compose will substitute the values from the .env file into the configuration. This method keeps sensitive or environment-specific data out of your Compose file and makes your setup more portable.

Managing Secrets and Sensitive Data in Compose Files

While environment variables are convenient, they are not always the most secure way to handle sensitive information such as passwords, API keys, or certificates. Environment variables can sometimes be exposed through logs, process lists, or version control if not handled carefully. To improve security, you can use several techniques for managing secrets in Docker Compose:

  • Store sensitive values in a separate .env file and ensure this file is excluded from version control using .gitignore;
  • Use Docker Compose's support for Docker secrets if you are deploying with Docker Swarm, which allows you to securely mount secrets as files inside containers;
  • Reference secrets as files on the host and mount them into the container using the volumes key in your Compose file.

Example: To avoid exposing a database password, store it in a file called db_password.txt and mount it into the container:

services:
  db:
    image: postgres:latest
    volumes:
      - ./db_password.txt:/run/secrets/db_password
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password

This approach keeps the actual secret out of the Compose file and environment variables, reducing the risk of accidental exposure. Always review your configuration and workflows to ensure secrets are protected, and never commit sensitive data to version control.

question mark

What is the main advantage of using environment variables in a Docker Compose file?

Select the correct answer

Everything was clear?

How can we improve it?

Thanks for your feedback!

SectionΒ 3. ChapterΒ 4

Ask AI

expand

Ask AI

ChatGPT

Ask anything or try one of the suggested questions to begin our chat

Suggested prompts:

Can you explain how to override environment variables at runtime?

What are the best practices for keeping secrets secure in Docker Compose?

How do Docker secrets work with Compose files?

Awesome!

Completion rate improved to 7.14

bookEnvironment Variables and Configuration in Compose

Swipe to show menu

Using Environment Variables in docker-compose.yml

Environment variables allow you to create flexible and reusable Docker Compose configurations. By defining variables, you avoid hard-coding values such as ports, image tags, or credentials directly in your docker-compose.yml file. Instead, you reference these variables, and Docker Compose substitutes their values at runtime. This approach is especially useful when deploying the same application to different environments, such as development, testing, or production.

To define and use environment variables in your Compose file, follow these steps:

  • Store environment variables in a .env file in the same directory as your docker-compose.yml;
  • Reference variables in your Compose file using the ${VARIABLE_NAME} syntax;
  • Override variables by passing them directly in the shell or as part of your CI/CD pipeline.

Suppose you want to configure the database password and the application port using environment variables. Create a .env file containing:

DB_PASSWORD=supersecret
APP_PORT=8080

In your docker-compose.yml, reference these variables as follows:

version: "3.8"
services:
  web:
    image: myapp:latest
    ports:
      - "${APP_PORT}:80"
    environment:
      - DB_PASSWORD=${DB_PASSWORD}

When you run docker-compose up, Docker Compose will substitute the values from the .env file into the configuration. This method keeps sensitive or environment-specific data out of your Compose file and makes your setup more portable.

Managing Secrets and Sensitive Data in Compose Files

While environment variables are convenient, they are not always the most secure way to handle sensitive information such as passwords, API keys, or certificates. Environment variables can sometimes be exposed through logs, process lists, or version control if not handled carefully. To improve security, you can use several techniques for managing secrets in Docker Compose:

  • Store sensitive values in a separate .env file and ensure this file is excluded from version control using .gitignore;
  • Use Docker Compose's support for Docker secrets if you are deploying with Docker Swarm, which allows you to securely mount secrets as files inside containers;
  • Reference secrets as files on the host and mount them into the container using the volumes key in your Compose file.

Example: To avoid exposing a database password, store it in a file called db_password.txt and mount it into the container:

services:
  db:
    image: postgres:latest
    volumes:
      - ./db_password.txt:/run/secrets/db_password
    environment:
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password

This approach keeps the actual secret out of the Compose file and environment variables, reducing the risk of accidental exposure. Always review your configuration and workflows to ensure secrets are protected, and never commit sensitive data to version control.

question mark

What is the main advantage of using environment variables in a Docker Compose file?

Select the correct answer

Everything was clear?

How can we improve it?

Thanks for your feedback!

SectionΒ 3. ChapterΒ 4
some-alt