Using environment variables in a Dockerfile
Your application may need to call environment variables during its build step - particularly if your build has multiple, dependent stages. A common way of achieving this is to add these calls to your Dockerfile. We explain how to achieve this below, and give examples.
Calling an environment variable in a Dockerfile
You can pull the value of an environment variable from your Cloud 66 account into a Dockerfile using the
ENV command and the format
$NAME_OF_KEY. Note that the key name must be capitalized. For example the following:
…would pull the internal IP address of the application’s webserver into the Dockerfile and assign it to a local variable named “WEB_IP”.
Note that this assumes that the environment variable you are calling already exists in your Cloud 66 application. If it doesn’t, this call will result in a build error.
You can also use the following format if you don’t need to set the output as a variable and just need the value of the key for another operation.
Example: pulling an SSH key into a Dockerfile
If a step in your application build requires access to a private SSH key, you could simply paste the key into your Dockerfile but this is quite error prone and often results in unintentional truncation of keys. It’s also obviously not a good security practice as it exposes the key in plain text in the Dockerfile, which may be in a shared or public repo.
Instead, you should hash your private key, add it to your Cloud 66 account and then un-hash it as part of your build process. Follow the steps below to see how this is done:
- Hash your private key on your own machine by using
cat NAME_OF_SSH_KEY | base64and then copying the entire hashed key (be careful not to trim any characters accidentally).
- Open the Cloud 66 dashboard for your application and click Configuration in the right-hand panel.
- Scroll down to Your Custom Variables and Paste your base64 encoded key into the Value field
- Give the key a short and memorable name (e.g. PRIV_SSH_KEY) and Save Changes
- Add a command to your Dockerfile makes use of the key. For example:
RUN echo $ENCODED_SSH_KEY | base64 -D > /root/.ssh/id_rsa
This final step pulls the variable from Cloud 66, decodes it and then saves it as a key under the root directory of the container.
Pulling binaries into your Dockerfile using env_vars
It’s possible to add small binary files (30KB or smaller) to your application during the build step using a combination of Base64 encoding and environment variables. This can be useful for keeping sensitive data out of public repos, for example.
This follows almost exactly the same steps as above:
- Hash the file using
cat filename.ext | base64and copy the resulting hash (it may be very long, so take care).
- Paste it into a new env_var in your Cloud 66 application dashboard
- Add a RUN command to your Dockerfile. For example:
RUN echo $QR_CODE | base64 -D > /var/www/QR-code.png
This will create a PNG called QR-code under the /var/www directory with the output of the base64 decoding.
For step 1 you can also use this method:
base64 -i filename.ext -o hashfilename
…if you’d prefer to output the hash as a file. This often makes it easier to copy the entire hash value (rather than copying from the terminal).