Securing/Encrypting the sensitive environment variables

Question

I'm using an env file which contains sensitive information for docker creation.

But the thing is they are not secure. They can be easily viewed via docker inspect, and hence they are available to any user that can run docker commands.

I'm looking for a way in which I can secure these values from the outside users, without using docker swarm.

Is there a way to achieve this?

Answer 1

For variables needed in built-time (image creation):

• ARG: --build-arg

For env variables needed when container starts:

• --env-file: It lets you nobody can see your variables doing history inspecting your cli command.
• Use docker secrets: possible in swarm, docker enterprise. (docker swarm secrets)