Using environment variables in a Dockerfile

Overview

Your application may need to call environment variables during its build step - particularly if your build has multiple, dependent stages. A common way of achieving this is to add these calls to your Dockerfile. We explain how to achieve this below, and give examples.

Calling an environment variable in a Dockerfile

You can pull the value of an environment variable from your Cloud 66 account into a Dockerfile using the ENV command and the format $NAME_OF_KEY. Note that the key name must be capitalized. For example the following:

ENV WEB_IP "$WEB_ADDRESS_INT"

…would pull the internal IP address of the application’s webserver into the Dockerfile and assign it to a local variable named “WEB_IP”.

Note that this assumes that the environment variable you are calling already exists in your Cloud 66 application. If it doesn’t, this call will result in a build error.

You can also use the following format if you don’t need to set the output as a variable and just need the value of the key for another operation.

RUN echo $WEB_ADDRESS_INT

Example: pulling an SSH key into a Dockerfile

If a step in your application build requires access to a private SSH key, you could simply paste the key into your Dockerfile but this is quite error prone and often results in unintentional truncation of keys. It’s also obviously not a good security practice as it exposes the key in plain text in the Dockerfile, which may be in a shared or public repo.

Instead, you should hash your private key, add it to your Cloud 66 account and then un-hash it as part of your build process. Follow the steps below to see how this is done:

  1. Hash your private key on your own machine by using cat NAME_OF_SSH_KEY | base64 and then copying the entire hashed key (be careful not to trim any characters accidentally).
  2. Open the Cloud 66 dashboard for your application and click Configuration in the right-hand panel.
  3. Scroll down to Your Custom Variables and Paste your base64 encoded key into the Value field
  4. Give the key a short and memorable name (e.g. PRIV_SSH_KEY) and Save Changes
  5. Add a command to your Dockerfile makes use of the key. For example: RUN echo $ENCODED_SSH_KEY | base64 -D > /root/.ssh/id_rsa

This final step pulls the variable from Cloud 66, decodes it and then saves it as a key under the root directory of the container.

Pulling binaries into your Dockerfile using env_vars

It’s possible to add small binary files (30KB or smaller) to your application during the build step using a combination of Base64 encoding and environment variables. This can be useful for keeping sensitive data out of public repos, for example.

This follows almost exactly the same steps as above:

  1. Hash the file using cat filename.ext | base64 and copy the resulting hash (it may be very long, so take care).
  2. Paste it into a new env_var in your Cloud 66 application dashboard
  3. Add a RUN command to your Dockerfile. For example: RUN echo $QR_CODE | base64 -D > /var/www/QR-code.png

This will create a PNG called QR-code under the /var/www directory with the output of the base64 decoding.

For step 1 you can also use this method: base64 -i filename.ext -o hashfilename

…if you’d prefer to output the hash as a file. This often makes it easier to copy the entire hash value (rather than copying from the terminal).