My understanding of Heroku's Docker container-registry CLI was that it was a wrapper around the Docker cli.
When I build locally I'll use, for example: docker build -f Dockerfile.example --build-arg SECRET_KEY=abc
. And I'll have set ARG SECRET_KEY
in my Dockerfile.example.
However if I want to push up to heroku's docker container-registry, I found out that I need to declare ENV SECRET_KEY=abc
in my Dockerfile.example, and then run the command heroku container:push example --recursive
.
Why is the case? What sets them apart? Isn't hardcoding the ENV bad security practice? Does Heroku offer a way around this?
Set up your local environment variables 1 View your app’s config vars. To view all of your app’s config vars, type heroku config. 2 Look at the contents of your .env file. 3 Add a config var to your .env file. Credentials and other sensitive configuration values should not be committed to... More ...
Setting the Docker ARG variable and then passing that value to the ENV variable seems redundant and it would be easiest to directly set the Docker ENV variable or permanently persist the ARG. However, this is not a capability we have.
For each config var that you want to add to your .env file, use the following command: $ heroku config:get CONFIG-VAR-NAME -s >> .env Do not commit the .env file to source control. It should only be used for local configuration. Update your .gitignore file to exclude the .env file.
Variables set in this section do not create runtime config vars. Also runtime config vars (e.g., those set with heroku config:set) are not available at build-time. Each build-time environment variable must match an ARG line in your Dockerfile:
You can run something like
heroku container:push web --arg SECRET_KEY=xxxSecret123
In that way, You don't have to feed information in your Dockerfile directly.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With