Skip to content

a simple way to provide sensitive and/or dynamic env for docker-compose #3

Description

@bayeslearnerold

I understand this is a simple tool not meant for production, but it would be nice if there is a simple elegant way to accomplish this, as having plain passwords lying around makes many people nervous these days.

As an example, maybe each service can have a separate, optional .env.sh file with contents like:

MYUID=$(id -u)
yyy_password=$(pass docker-compose/services/mssql)

a wrapper is then used to inject the dynamic env before invoking the real docker-compose? This probably means that a gpg passphrase will be needed once for server.sh xxx operation every so often?

# docker-compose-wrapper file
##########
function compose_wrapper() {
    if [ -f "../../.usewrapper" ]; then 
      set -a
      [-f ".env.sh"] && source <(cat .env.sh )
      set +a
    fi
    $real_compose  "$@"
}
...

compose_wrapper "$@"
##############

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions