Unset environment variable in compose

Question

I have a Dockerfile that requires two environment variables:

ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY

I'm passing them from the host through my compose file using:

build:
  # ...
  args:
    - AWS_ACCESS_KEY_ID
    - AWS_SECRET_ACCESS_KEY

My problem is that in some flows there is an IAM role set (and no env vars) and I don't want to use the environment variables. But even when they don't exist on the host they seem to be set to empty strings during the build process.

I've tried this:

run if [ -z "$AWS_ACCESS_KEY_ID" ]; then unset AWS_ACCESS_KEY_ID; fi
run if [ -z "$AWS_SECRET_ACCESS_KEY" ]; then unset AWS_SECRET_ACCESS_KEY; fi

run env # see if set

But it doesn't work (the variables are still set even if not set in host env).

I'd welcome another solution on mixing env vars and IAM roles when building dockers.

Answer 1

Different run in Dockerfile not impact each other, to make your aims, suggest to combine them to one run, something likes follows, FYI:

run if [ -z "$AWS_ACCESS_KEY_ID" ]; then unset AWS_ACCESS_KEY_ID; fi && \
  if [ -z "$AWS_SECRET_ACCESS_KEY" ]; then unset AWS_SECRET_ACCESS_KEY; fi && \
  env

Then, you will find no AWS_ACCESS_KEY_ID was set to empty value in env.

And, when try, suggest use docker-compose build --no-cache to test.

Finally, why you see empty value?

I made a experiment, seems if no ENV set in Dockerfile, meanwhile, no env for this variable set in HOST, the ARG in Dockerfile will automatically be changed to one ENV variable when docker build, as the ARG did not set a value, so it's empty.