I have a docker image which is partially ready to work. To have it fully working I have to run:
sudo docker run -d -p 80 --name myimage -e ADMIN_USER="user1" -e ADMIN_PASSWORD='password1' leonixyz/myimage:1.0
The first time the image gets executed my code configures the application inside.
This is handy because each time I need a new instance of the application, which has to be configured each time for a different user, I can pass different environment variables to docker run and my code will configure the container specifically for the new user.
Unfortunately, I see these variables cannot be removed from the container.
If I do:
sudo docker exec -it <container_id> bash
then I can see variables ADMIN_USER and ADMIN_PASSWORD are (obviously) still there.
I tried to unset ADMIN_PASSWORD at the end of my one-time-configuration code, but it doesn't work.
Also, running unset ADMIN_PASSWORD from the bash shell in the running container won't work.
Is there a way to remove an environment variable from a container, once this has been started?
Thanks
Edit: as pointed out, it's better to not pass secrets at all via environment variables; a great workaround is explained here: https://github.com/docker/docker/issues/13490#issuecomment-162125128
Using docker-compose, you can inherit env variables in docker-compose.yml and subsequently any Dockerfile(s) called by docker-compose to build images. This is useful when the Dockerfile RUN command should execute commands specific to the environment.
Using --env, -e: Let's start by pulling the image locally: docker pull alpine:3. When we launch our Docker container, we can pass environment variables as key-value pairs directly into the command line using the parameter --env (or its short form -e).
You can pass the values of environment variables from the host to your containers without much effort. Simply don't specify a value in the command line, and make sure that the environment variable is named the same as the variable the containerized app expects: $ docker run -e var_name (...)
Environment variables can be used to pass configuration to an application when it is run. This is done by adding the definition of the environment variable to the deployment configuration for the application. To add a new environment variable use the oc set env command.
The only reasonable way to "unset" environment variables holding credentials is to not set them in the first place. Don't use environment variables for credentials, or "secrets", in general.
The following provides a good summary: https://github.com/docker/docker/issues/13490.
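Why the unset in the question has no lasting effect, and one file-based alternative for the one-time configuration, as an added example that is not part of the original question or answer. The function names, the secret file location and the stand-in configuration command are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; runs without Docker. The environment given to the outer
# `sh -c` stands in for the container's stored configuration, which
# `docker run -e` records and from which each `docker exec` process is started.

# Before: secret in the environment. The first-run script unsets it, but that
# changes only the script's own copy; the next process gets the value again.
later_process_sees_env_secret() {
    ADMIN_PASSWORD='password1' sh -c '
        sh -c "unset ADMIN_PASSWORD"                # one-time configuration
        sh -c "printf %s \"\${ADMIN_PASSWORD:-}\""  # later shell (docker exec)
    '
}

# After: the password arrives in a file (assumed to sit in a directory mounted
# for the first start). It is fed to the configuration command on stdin, so it
# is never in an environment or on a command line, then deleted on success.
first_run_configure() {
    secret_file=$1
    shift
    [ -r "$secret_file" ] || { echo "no secret file: $secret_file" >&2; return 1; }
    "$@" < "$secret_file" && rm -f -- "$secret_file"
}

# Constructed demo: `wc -c` stands in for the real configuration command.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'password1\n' > "$tmp/admin_password"
    printf 'env secret seen after unset: %s\n' "$(later_process_sees_env_secret)"
    printf 'bytes read from stdin: %s\n' "$(first_run_configure "$tmp/admin_password" wc -c)"
    [ -e "$tmp/admin_password" ] || echo 'secret file removed'
    rm -rf -- "$tmp"
}
demo
```

For the variables already set on a running container, `docker inspect` shows the same stored values, which is why removing them means recreating the container without them.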