One of the main issue when creating and releasing docker images is making sure that we do not reveal any secret information (password, etc).
In Node, we often use a .env file to achieve this goal. Sadly, we would need to include this file in our Docker image which would make it unsecure. Indeed, if such file is added to the image, anybody who get the image would be able to see the content of that file.
So instead, we will want to pass our secret information when we are running the image. There are 2 ways to pass environment variables to Docker:
Using the option -e
1
docker run [...] -e my_connection_string="xxxxx" -e my_password="xxx" my_node_container
Using the env-file docker option
For this method, you’ll need to create a file containing the list of KEY=Value pairs.
Example:
my_env.list
1
2
3my_connection_string=xxxxxx
my_password=yyyyyyyy
my_secret=zzzzz
Then, run the container using the --env-file option:
1
docker run [...] --env-file ./my_env.list my_node_container
See this document for more details.
From there, you will be able access these variables from Node by using process.env.{KEY}.
Please note that, as a general rule, you should always follow the motto “batteries included but removable”. Meaning that you should code your Node application to have default values (when possible) so the software will run without providing these environment variables. So it can run “straight out of the box”.
Simple example:
Here’s an example to get you started
File: env_test.js
1 | console.log(process.env); |
File: my_env.list
1 | my_connection_string=xxxxxx |
File: Dockerfile
1 | FROM node:12.19.0-alpine3.10 |
Then build your container:
1 | docker image build -t node-test . |
Run it with the -e flag:
1 | docker container run -e my_test="this is a test" node-test |
Or, run it with the –env-file flag:
1 | docker container run --env-file ./my_env.list node-test |