ContextQMD
Back to Infisical

Docker Compose

docs/integrations/platforms/docker-compose.mdx

0.159.253.4 KB
Original Source

Prerequisites:

Configure the Infisical CLI for each service

Follow this guide to configure the Infisical CLI for each service that you wish to inject environment variables into; you'll have to update the Dockerfile of each service.

<Tabs> <Tab title="Machine Identity (Recommended)"> ### Generate and configure machine identity Generate a machine identity for each service you want to inject secrets into. You can do this by following the steps in the [Machine Identity](/documentation/platform/identities/machine-identities) guide. 
### Set the machine identity client ID and client secret as environment variables
For each service you want to inject secrets into, generate the required `INFISICAL_TOKEN_SERVICE_A` and `INFISICAL_TOKEN_SERVICE_B`.

```yaml
# Example Docker Compose file
services:
  web:
    build: .
    image: example-service-1
    environment:
      - INFISICAL_TOKEN=${INFISICAL_TOKEN_SERVICE_A}

  api:
    build: .
    image: example-service-2
    environment:
      - INFISICAL_TOKEN=${INFISICAL_TOKEN_SERVICE_B}

```

### Export shell variables
Next, set the shell variables you defined in your compose file. This can be done manually or via your CI/CD environment. Once done, it will be used to populate the corresponding `INFISICAL_TOKEN_SERVICE_A` and `INFISICAL_TOKEN_SERVICE_B` in your Docker Compose file.

```bash
#Example

# Token refers to the token we generated in step 2 for this service
export INFISICAL_TOKEN_SERVICE_A=$(infisical login --method=universal-auth --client-id=<your-client-id> --client-secret=<your-client-secret> --silent --plain)
export INFISICAL_TOKEN_SERVICE_B=$(infisical login --method=universal-auth --client-id=<your-client-id> --client-secret=<your-client-secret> --silent --plain)

# Then run your compose file in the same terminal.
docker-compose ...
```
</Tab> <Tab title="Service Token"> 
## Generate service token
Generate a unique [Service Token](/documentation/platform/token) for each service.

## Feed service token to your Docker Compose file

For each service you want to inject secrets into, set an environment variable called `INFISICAL_TOKEN` equal to a unique identifier variable.

In the example below, we set `INFISICAL_TOKEN_FOR_WEB` and `INFISICAL_TOKEN_FOR_API` as the `INFISICAL_TOKEN` for the services.

```yaml
# Example Docker Compose file
services:
  web:
    build: .
    image: example-service-1
    environment:
      - INFISICAL_TOKEN=${INFISICAL_TOKEN_FOR_WEB}

  api:
    build: .
    image: example-service-2
    environment:
      - INFISICAL_TOKEN=${INFISICAL_TOKEN_FOR_API}
```

## Export shell variables

Next, set the shell variables you defined in your compose file. This can be done manually or via your CI/CD environment. Once done, it will be used to populate the corresponding `INFISICAL_TOKEN`
in your Docker Compose file.

```bash
#Example

# Token refers to the token we generated in step 2 for this service
export INFISICAL_TOKEN_FOR_WEB=<token>

# Token refers to the token we generated in step 2 for this service
export INFISICAL_TOKEN_FOR_API=<token>

# Then run your compose file in the same terminal.
docker-compose ...
```
</Tab> </Tabs>